Comments on: Double Thanks, with Two Factor Authentication

By: Mike Christiansen

November 29, 2009, 7:04 pm

That’s awesome, but that’s not really two factor authentication… 1. What you know (Password) 2. What you have (Security Token) 3. Who you are (Biometrics) A one time password to my e-mail is just...

View Article

Hello Mike, I agree with you. This is not a real second factor. But, first of all, I had to develope a way to intersect the sign in process with a further step. Now we are ready to add more factors....

View Article

By: Dan

November 30, 2009, 9:36 am

Have a look at PhoneFactor.com. It looks promising and it’s probably quite easy to implement. And I’m not affiliated with them in any way… Another simple alternative to the email OTP would be an SMS OTP.

View Article

By: Francesco

November 30, 2009, 11:59 am

Hi Dan, I tested PhoneFactor a year ago, and it worked perfectly. But it is free only for a limited number of users.We would have to introduce a prepaid credits plan in order to fully support it. The...

View Article

By: Jordan

November 30, 2009, 1:34 pm

I think a keyfob token, like RSA SecurID, that displays a one-time password you can type in would be useful.

View Article

By: Ryan

December 1, 2009, 12:31 am

I would be willing to pay for a keyfob token. I would also be willing to pay per-use for SMS tokens.

View Article

By: Dan

December 1, 2009, 11:27 am

Have you looked at using the VeriSign cards that PayPal uses? If you were able to use the same VeriSign backend for free, your users could use the same cards as they use for PayPal and that you can...

View Article

By: Neil

December 1, 2009, 11:58 pm

You likely don’t need a separate SMS OTP/token implementation. Most telephone companies provide an email to SMS gateway, so the existing email support is sufficient to accomplish the same thing....

View Article