1 reply to this topic

[Holmes.Sherlock]

Classical method of securing log in to protected systems is to use strong password policy. With static passwords, there is always a chance of account security getting compromised. Hence, ShieldPass has introduced the concept of dynamic password based authentication system. It claims to use PassWindow authentication method where the account security is not really based on SSL. Installation is damn easy. What all you need to so is to embed a PHP code snippet in you website, hard-code your public & private key & card ID there. You will be given a physical card which you have to place onto the screen. The digits on the card will be constantly changing. At any point of time, enter the digits displayed & you are done. ShieldPass plugin is available for WordPress, phpBB, osCommerce, ZenCart & OpenCart also.

Step-by-step installation instruction: https://www.shieldpass.com/about.html
How two-factor authentication works: http://www.commonexploits.com/?p=387


ShieldPass in practice
http://www.youtube.com/watch?feature=player_embedded&v=maAc7Fxp1ZY


Installing ShieldPass
http://www.youtube.com/watch?v=0UX6giXHvEY&feature=player_embedded

[Scott Dare]

After digging around on thier site, PassWindow does seem like a nice, inexpensive alternative hardware tokens. I did not look at (or am qualified to evaluate) the math behind it. Yes, I know that Google two-factor auth is even cheaper (free) but i've read the objection to it, being that it's not 'really' two-factor, since Google's token does not qualify as 'something you have' (unlike actual hardware tokens)