Implementing a one-time password system on the web

Double Protection

© Marvin Ristau de, Fotolia

Article from Issue 99/2009

Add security to your website with a one-time password system.

Two-factor authentication is a system in which two different factors are used in combination to authenticate a user. Two factors, as opposed to one factor, will deliver a higher level of authentication assurance. The combined factors could consist of:

  • Something the user knows (password or PIN)
  • Something the user possesses (smartcard, PKI certificate, RSA SecurID)
  • Something the user is or does (fingerprint, DNA sequence)

The first option is the easy choice. Passwords are used every day for a multitude of purposes. The third option is usually some sort of biometric – not a good choice for the web environment. "Something the user possesses" is the best second factor for authentication. Almost all web-based, two-factor authentication solutions available today involve some form of hardware token, such as the RSA SecurID. Distributing these tokens to users is neither cost-effective nor scalable. A company might be able to afford tokens for 1,000 users, but one good blog post and they could find themselves with 30,000 new users overnight. Requiring users to obtain a hardware token on their own is too much work for the vast majority of users. In addition, tokens have to be synced with special server software, which often requires a proprietary license.
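The alternative the article's title points at is a software one-time password as the "something the user possesses" factor. The following is an added example, not code from the article or the magazine: a server-side HOTP implementation per RFC 4226 (HMAC-SHA1 over an 8-byte big-endian counter, dynamic truncation, six digits) together with a small verifier that keeps the next expected counter per user, tolerates a look-ahead window for tokens that were generated but never submitted, and never accepts a counter at or below the last one used, so a captured code cannot be replayed. The class and method names are this example's own choices; the test secret is the one published with the RFC 4226 test vectors.

```python
import hmac
import hashlib
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Compute an RFC 4226 HOTP value for a shared secret and moving counter."""
    # Counter is encoded as an 8-byte big-endian integer before hashing.
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    # Dynamic truncation: low nibble of the last byte selects a 4-byte window.
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    # Zero-pad so that values below 10**(digits-1) keep a fixed width.
    return str(code % (10 ** digits)).zfill(digits)


class HotpVerifier:
    """Per-user server-side state for verifying submitted HOTP codes.

    Hypothetical class for this example; a real deployment would persist
    `counter` in the user record and update it atomically.
    """

    def __init__(self, secret: bytes, look_ahead: int = 5) -> None:
        self.secret = secret
        self.counter = 0          # next counter value we are willing to accept
        self.look_ahead = look_ahead

    def verify(self, candidate: str) -> bool:
        """Accept a code only if it matches a counter in [counter, counter+look_ahead].

        On success the stored counter moves past the matched value, so the same
        code (or any earlier one) is rejected afterwards.
        """
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            # Constant-time comparison avoids leaking match position via timing.
            if hmac.compare_digest(hotp(self.secret, c), candidate):
                self.counter = c + 1
                return True
        return False


# Secret from the RFC 4226 test vectors (ASCII "12345678901234567890").
RFC4226_SECRET = b"12345678901234567890"


def demo() -> list:
    """Walk through a generate/verify/replay sequence and return the outcomes."""
    v = HotpVerifier(RFC4226_SECRET, look_ahead=5)
    results = []
    results.append(v.verify(hotp(RFC4226_SECRET, 1)))   # skipped counter 0: accepted
    results.append(v.verify(hotp(RFC4226_SECRET, 1)))   # replay of the same code: rejected
    results.append(v.verify(hotp(RFC4226_SECRET, 0)))   # older counter: rejected
    results.append(v.verify(hotp(RFC4226_SECRET, 3)))   # inside look-ahead window: accepted
    results.append(v.verify(hotp(RFC4226_SECRET, 20)))  # beyond the window: rejected
    return results


if __name__ == "__main__":
    for n in range(3):
        print(n, hotp(RFC4226_SECRET, n))
    print(demo())
```

The look-ahead window is the usual compromise between usability (a user who pressed the token button a few times without logging in) and the size of the search an attacker gets per guess; a real system would also rate-limit failed attempts and require a separate resynchronization step once the window is exhausted.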

[...]
