Thursday 27 August 2009

HOTPin.... two factor authentication from Celestix

As you may have a gathered I do a lot of work with the Celestix WSA appliance, deploying numerous solutions as well as carrying out proof of concepts and web demonstrations.

I've been trailing Celestix HOTPin for a little while on my demo Celestix WSA applaince. What is Celestix HOTPin?

Celestix HOTPin is a two factor authentication solution. Just to reitterate what different factors of authenication there are, we can provide:

  • Something you know - Passwords, PINs, etc.
  • Something you are given - One time passwords, tokens, etc.
  • Something you are - Fingerprint, iris scan, etc.

To have a two factor authenication solution, you should ensure that your users utilise two of these methods as authenication.

Celestix HOTPin is a one time password (OTP) solution, but rather than use the traditional method of hardware tokens, the passwords are generated on soft tokens. A soft token, is a piece of code that can run on other hardware, rather than require a dedicated piece of hardware such as a token.

Celestix HOTPin will run on Blackberry, iPhone and Smartphone/Windows Mobile devices, as well as 32-bit Windows machine. The software can be protected with a PIN, so even if your mobile telephone or laptop is found, the PIN should protect the OTP from being generated.

If you have an SMS gateway (a device that can send text messages from your network) then OTP can be generated by Celestix HOTPin and SMS'd over to the mobile device. A great back up solution, which does not require software to be loaded on a mobile device, but no so great is your are in a reception blackhole unable to get a mobile signal!!

The Celestix HOTPin software currently integrates with the Celestix WSA appliance, which saves the need to additional hardware to run this solution. The software is managed centrally on the Celestix WSA appliance, via a very familiar interface if you are use to the Celestix products.

As mentioned before I have been running this on my trial appliance, where I have deployed both the 32-bit Windows client, and the Blackberry client. Both of them do exactly what you expect, they generate a OTP!!

In my demostration environment, I check for a number of items at the login page, including:

  • Windows AD Username
  • Windows AD Password
  • Celestix HOTPin (PIN & OTP)
  • CAPTCHA

I'm so happy with how easy it is to install and manage, I will be deploying this into my live environment that we use at e92plus.

If you want to see a demostration of the Celestix WSA appliance with the various authentication methods running, please contact www.e92plus.com and we organise a web demo.

No comments:

Post a Comment