Implementing a one-time password system on the web

Double Protection

© Marvin Ristau de, Fotolia

© Marvin Ristau de, Fotolia

Article from Issue 99/2009
Author(s):

Add security to your website with a one-time password system.

Two-factor authentication is a system in which two different factors are used in combination to authenticate a user. Two factors, as opposed to one factor, will deliver a higher level of authentication assurance. The combined factors could consist of:

  • Something the user knows (password or pin)
  • Something the user possesses (smartcard, PKI certificates, RSA SecurID)
  • Something the user is or does (fingerprint, DNA sequence)

The first option is the easy choice. Passwords are used everyday for a multitude of purposes. The third option is usually some sort of biometric – not a good choice for the web environment. "Something the user possesses" is the best second factor for authentication. Almost all web-based, two-factor authentication solutions available today involve some form of hardware token, such as the RSA SecurID. Distributing these tokens to users is neither cost effective nor scalable in price. A company might be able to afford tokens for 1,000 users, but one good blog post and they could find themselves with 30,000 new users overnight. Requiring users to obtain a hardware token on their own is too much work for the vast majority of users. In addition, tokens have to be synced with special server software, which can often require a proprietary license.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Two-Factor Authentication

    Add an extra layer of protection with one-time passwords.

  • 2FA

    Protect your system from unwanted visitors with two-factor authentication.

  • Securing Your SSH Server

    An SSH server facing the Internet will almost certainly be under attack, but a few proactive steps will help to keep the intruders away.

  • One-Time Passwords

    A one-time password won't compromise security if it falls in the wrong hands. OPIE and OTPW bring the safety of one-time password security to Linux.

  • WebAuthn

    FIDO2 authentication with WebAuthn may be sounding the end of the password age.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News