WiKID Two-Factor Authentication plugin for PAS
WiKIDAuthPlugin is a Plone PAS plugin that, once installed in the user folder, will enable WiKID two-factor authentication for your Plone site.
Current release
No stable release available yet.
Experimental releases
Upcoming and alpha/beta/candidate releases
- Alpha releases should only be used for testing and development.
- Beta releases and Release Candidates are normally released for production testing, but should not be used on mission-critical sites.
- Always install on a separate test server first, and make sure you have proper backups before installing.
Project Description
WiKIDAuthPlugin is a Plone PAS plugin that, once installed in the user
folder, will enable WiKID two-factor authentication for your Plone
site. This is a very basic release. It was tested on 2.5.3 and on
3.0.6. If there is interest in this product, we will certainly work
to make it better. It requires pyOpenSSL and version 3.0 or higher of
the WiKID Strong Authentication Server.
WiKID is a dual-source two-factor authentication system. It consists
of: a PIN, stored in the user's head; a small, lightweight client that
encapsulates the private/public keys; and a server that stores the
client's public keys and the user's PIN. When the user
wants to log in to a service, they start the client and enter their
PIN, which is encrypted and sent to the server. If the PIN is
correct, the account is active and the encryption is valid, the user is
sent a one-time passcode to use instead of a static password. The token
client can run on a Windows, Mac or Linux PC or a wireless device such
as a BlackBerry, J2ME cellphone or smartphone.
The WiKID PC tokens support mutual HTTPS authentication, thwarting
network-based man-in-the-middle attacks. Simply add the HTTPS URL of
your Plone site to the domain as the "Registered URL". Combining SSL, mutual
authentication, two-factor authentication and Plone's robust security
and access control makes for a very secure site.

