Authentication: Push

One of my goals before the end of the year is to protect my online accounts with multi-factor authentication. I’ve been protecting many of my identities with TOTP. TOTP is a great way to add multi-factor authentication to our identity.  It adds the “something I have” to the “something I know”. However, I’m now running into a major user experience issue with TOTP. I’ve got too many tokens!!! When I try and authenticate to one of these providers, I have to load the authenticator app and find the right code before typing it in.  This is easy when I only … Continue reading Authentication: Push

Citrix Workspace Authentication: Overview

One of the major issues with the current state of the end user computing environment is the number of identities a user is required to remember.  Almost every service or application a user subscribes to requires the user create a new identity and password. With so many identities, almost all of us use the same identity/password combination to simplify our life. But relying on passwords is not the best approach. Certain applications and services will allow us to integrate some type of multi-factor authentication, but we now end up with multiple identities, multiple authentication approaches with each service using a … Continue reading Citrix Workspace Authentication: Overview

Authentication: TOTP

Let’s make one thing perfectly clear… TOTP ≠ OTP OTP = One-Time Password TOTP = Time-based One-Time Password As discussed in the Two-Step Verification post, OTP sends the one-time password to the user’s mobile phone via SMS or to the user’s email address. TOTP, on the other hand, uses a local app on the mobile device to generate a pass-code. If we look at the factors for an app using a password and TOTP code, we see that it is something you know and something you have. When a user registers a mobile device, they receive a key (either as … Continue reading Authentication: TOTP