Jump to content


ShieldPass - A dynamic authentication method for websites

  • Please log in to reply
1 reply to this topic

#1 Holmes.Sherlock


    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
    United States

Posted 16 April 2012 - 04:44 AM

Classical method of securing log in to protected systems is to use strong password policy. With static passwords, there is always a chance of account security getting compromised. Hence, ShieldPass has introduced the concept of dynamic password based authentication system. It claims to use PassWindow authentication method where the account security is not really based on SSL. Installation is damn easy. What all you need to so is to embed a PHP code snippet in you website, hard-code your public & private key & card ID there. You will be given a physical card which you have to place onto the screen. The digits on the card will be constantly changing. At any point of time, enter the digits displayed & you are done. ShieldPass plugin is available for WordPress, phpBB, osCommerce, ZenCart & OpenCart also.

Step-by-step installation instruction: https://www.shieldpass.com/about.html
How two-factor authentication works: http://www.commonexploits.com/?p=387

ShieldPass in practice

Installing ShieldPass

#2 Scott Dare

Scott Dare
  • Patrician
  • 3 posts
  • Location:Brooklyn, NY USA
    United States

Posted 16 April 2012 - 12:49 PM

After digging around on thier site, PassWindow does seem like a nice, inexpensive alternative hardware tokens. I did not look at (or am qualified to evaluate) the math behind it. Yes, I know that Google two-factor auth is even cheaper (free) but i've read the objection to it, being that it's not 'really' two-factor, since Google's token does not qualify as 'something you have' (unlike actual hardware tokens)

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users