WebApp Sec mailing list archives

Re: outlook web access authentication

From: "Andy Steingruebl" <steingra () gmail com>
Date: Fri, 11 Jul 2008 06:30:10 -0700

Sorry to reply to my own post, but I suppose there isn't technically
any reason you can't write this yourself.  You need a way to deliver
SMS messages, a good PRNG, and storage for them.

A user signs up and registers their mobile.
You generate an OTP for them, store it, and SMS it to them
They enter it after receiving it on their phone within XX minutes.

The vendors I mentioned offer packages for doing this....

On Fri, Jul 11, 2008 at 6:26 AM, Andy Steingruebl <steingra () gmail com> wrote:

There are a number of companies that specialize in doing
one-time-passwords with SMS as a delivery channel.  It might be a good
fit.  I'm fairly certain Verisign does this for their tokens.  I think
Arcot does this as well.

- Andy

On Thu, Jul 10, 2008 at 9:31 PM, charlesparker <alyosha.kumar () gmail com> wrote:


I'm looking for a 2-factor authentication solution for Outlook Web Access.
I'd like to avoid certificates and tokens, and it would be great if the
solution were out of band.  Any suggestions?
--
View this message in context: http://www.nabble.com/outlook-web-access-authentication-tp18396603p18396603.html
Sent from the Web App Security mailing list archive at Nabble.com.


-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What 
tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------




--
Andy Steingruebl
steingra () gmail com




-- 
Andy Steingruebl
steingra () gmail com

-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

Current thread:

outlook web access authentication charlesparker (Jul 11)
- Re: outlook web access authentication Andy Steingruebl (Jul 11)
  - Re: outlook web access authentication Andy Steingruebl (Jul 11)
- RE: outlook web access authentication Paul Melson (Jul 11)
  - Re: outlook web access authentication Rohit Lists (Jul 11)
- Re: outlook web access authentication pgershwin (Jul 15)
  - Re: outlook web access authentication agoldwater (Jul 25)
    - Re: outlook web access authentication charlesparker (Jul 26)