+1 for 2FA. Sent from my iPhone
On Aug 17, 2012, at 9:33 AM, Clayton Weise <cwe...@iswest.net> wrote: > Another reason for 2FA: regulatory compliance. HIPAA requires 2FA for > certain things. There are ways around it with the regulation, but having it > makes the HIPAA audit process much easier. +1 for this idea. > > -----Original Message----- > From: owen.n...@gmail.com [mailto:owen.n...@gmail.com] On Behalf Of Nick Owen > Sent: Friday, August 17, 2012 8:14 AM > To: cloudstack-dev@incubator.apache.org > Subject: Cloudstack two-factor authentication plugin > > Greetings! > > I recently did a presentation on cloud infrastructure and strong > authentication. As part of that effort, we have released a plugin for > Cloudstack that requires users to use WiKID two-factor authentication > when logging into the Cloudstack admin. The source and a jar file can > be found on our sourceforge site here > https://sourceforge.net/projects/wikid-twofactor/files/Cloudstack%20WiKID%20Integration/ > and is licensed under the ASL v2. An installation doc is here: > http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-wikid-two-factor-authentication-to-cloudstack-manager. > > Some background: WiKID use asymmetric encryption embedded in software > tokens to securely transmit PINs one way and OTPs the other to > authenticate users. We have a dual source model. This code is fully > compatible with the open-source Community version. > > Why did we do this? Because static passwords suck. Why should you be > interested in this? Because almost all attacks involve some escalation > of privilege from weak, guessable, stolen or default credentials. > "Cloud" brings tremendous benefits but puts a great deal of strain on > authentication at all levels. > > We would love to have this code included in the cloudstack build, if > there is interest. > > Thanks, > > Nick > > -- > Nick Owen > WiKID Systems, Inc. > http://www.wikidsystems.com > #wikid on freenode > @wikidsystems
