Open Source 2 Factor Authentication - WiKID

Our present system of usernames and passwords is just not secure enough. How many of you use the same password on multiple sites? How many of you have a password that can be guessed based on one of your family members' names, dates of birth or other identifiable information? For a long time now experts have foretold of a move to two factor authentication and tokenization. You have all probably heard of two factor authentication, but how many of you actually know what it is? WiKID Systems has been making two factor authentication available to everyone with an open source solution.

So what exactly is two factor authentication? Well according to Wikipedia:

Authentication is generally required to access secure data or enter a secure area. The requester for access or entry shall authenticate her or himself after keying in or otherwise stating his openly known identity based on proving authentically her or his identity additionally by means of

• what the requester individually knows as a secret, such as a password or a Personal Identification Number (PIN), or
• what the requesting owner uniquely has, such as a passport, physical token, or an ID-card, or
• what the requesting bearer individually is, such as biometric data, like a fingerprint or the face geometry.

Two-factor authentication means using any independent two of these authentication methods (e.g. password + value from physical token) to increase the assurance that the bearer has been authorized to access secure systems. Usually the username is openly known and visually echoed upon access and hence not understood as a secure information. This feedback however ensures the proper choice of account with the user action.

I had a chance to sit down with Nick Owen, CEO and co-founder of WiKID Systems to discuss this. In two factor authentication, in addition to the usual username and password the person seeking authentication also has some other form of identifying themselves.  This is usually in the form of a token.  One type of token is a cipher based token, like those from RSA. In a cipher based token both parties "share a secret" according to Owen.  Another kind of token is based on public key infrastructure.  In that case there is a private key on the individuals PC and a public key stored on a public key server.  This is the type of token and authentication that WiKID provides.

Owen and his partner, Eric Shoemaker started WiKID back in 2001.  Right after 9/11 finding funding was difficult. So they built WiKID the old fashioned way, with their own money. Competing against companies like RSA and Verisign without a large bankroll would be difficult. But they knew that the tokens from these large companies were largely black box. Both of them being big open source fans, they wanted to bring two-factor authentication into the light of day. Open source represented a great way to accomplish both bring two factor authentication to everyone and competing with the giants.

Today WiKID still offers its free open source community edition, as well as their enterprise editions. The enterprise editions are really very different products then the community version. The enterprise edition features radius interface and wireless support.  These are not just add on features to the open source community edition, but represent an entirely different product line.

Most recently WiKID has released a new edition with support for HTML5. Now you will no longer need to download a separate plug in for each browser.  Any browser that supports HTML5 can use it.  WiKID already supports iPhone and Android.

As the move to the cloud progresses, two factor authentication will become more and more the standard. It would be good to understand what it is about.  It is also encouraging to know that there is an open source solution out there for this as well. It is WiKID.