outlook web access authentication


by charlesparker

I'm looking for a 2-factor authentication solution for Outlook Web Access.  I'd like to avoid certificates and tokens, and it would be great if the solution were out of band.  Any suggestions?

Re: outlook web access authentication

by Andy Steingruebl

There are a number of companies that specialize in doing
one-time-passwords with SMS as a delivery channel.  It might be a good
fit.  I'm fairly certain Verisign does this for their tokens.  I think
Arcot does this as well.

- Andy

On Thu, Jul 10, 2008 at 9:31 PM, charlesparker <alyosha.kumar@...> wrote:

>
> I'm looking for a 2-factor authentication solution for Outlook Web Access.
> I'd like to avoid certificates and tokens, and it would be great if the
> solution were out of band.  Any suggestions?
> --
> View this message in context: http://www.nabble.com/outlook-web-access-authentication-tp18396603p18396603.html
> Sent from the Web App Security mailing list archive at Nabble.com.



--
Andy Steingruebl
steingra@...



Re: outlook web access authentication

by Andy Steingruebl

Sorry to reply to my own post, but I suppose there isn't technically
any reason you can't write this yourself.  You need a way to deliver
SMS messages, a good PRNG, and storage for them.

A user signs up and registers their mobile.
You generate an OTP for them, store it, and SMS it to them.
They enter it after receiving it on their phone within XX minutes.

The vendors I mentioned offer packages for doing this....

On Fri, Jul 11, 2008 at 6:26 AM, Andy Steingruebl <steingra@...> wrote:

> There are a number of companies that specialize in doing
> one-time-passwords with SMS as a delivery channel.  It might be a good
> fit.  I'm fairly certain Verisign does this for their tokens.  I think
> Arcot does this as well.
>
> - Andy
>
> On Thu, Jul 10, 2008 at 9:31 PM, charlesparker <alyosha.kumar@...> wrote:
>>
>> I'm looking for a 2-factor authentication solution for Outlook Web Access.
>> I'd like to avoid certificates and tokens, and it would be great if the
>> solution were out of band.  Any suggestions?
>
>
>
> --
> Andy Steingruebl
> steingra@...
>



--
Andy Steingruebl
steingra@...
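
The flow outlined in this message (register a mobile, generate and store an OTP, send it by SMS, accept it within a time window), as an added Python sketch that is not part of the original post. The `send_sms` callback, the 5-minute expiry, the 3-attempt cap and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300  # assumed stand-in for the "XX minutes" window
MAX_ATTEMPTS = 3       # assumed cap on guesses per issued code


class SmsOtpService:
    """In-memory sketch; send_sms(to, body) is a hypothetical gateway hook."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms, self._clock = send_sms, clock
        self._phones = {}   # user -> registered mobile number
        self._pending = {}  # user -> [salt, digest, expires_at, attempts_left]

    def register(self, user, mobile):
        self._phones[user] = mobile

    @staticmethod
    def _digest(salt, code):
        # Store a salted hash, not the code; TTL and attempt cap do the real work.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, user):
        # secrets uses the OS CSPRNG; random.randint would be predictable.
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        expires_at = self._clock() + OTP_TTL_SECONDS
        self._pending[user] = [salt, self._digest(salt, code), expires_at, MAX_ATTEMPTS]
        self._send_sms(self._phones[user], f"Your login code is {code}")

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        salt, digest, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[user]  # expired codes are discarded
            return False
        entry[3] -= 1
        ok = hmac.compare_digest(digest, self._digest(salt, submitted))
        if ok or entry[3] <= 0:
            del self._pending[user]  # single use, or guesses exhausted
        return ok
```

Calls to `issue()` need their own rate limit, since each new code resets the attempt counter.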



RE: outlook web access authentication

by Paul Melson-2

> I'm looking for a 2-factor authentication solution for Outlook Web Access.

> I'd like to avoid certificates and tokens, and it would be great if the
> solution were out of band.  Any suggestions?

Two-factor OOB auth performed by OTP-over-SMS was popular in Europe for a
while, especially in France where strong crypto was heavily regulated.
Haven't seen this solution in a long time, but it's the only thing I can
think of that matches your criteria.

PaulM





Re: outlook web access authentication

by Rohit Sethi

I can't personally vouch for it, but I've heard of the "Grid
authentication"/"bingo-card" style tokens being used like the one
offered by Entrust IdentityGuard
(http://www.entrust.com/strong-authentication/user-authentication/methods.htm).
Not sure if this will suit your needs.

Cheers,

Rohit Sethi
Security Compass
http://www.securitycompass.com

On Fri, Jul 11, 2008 at 11:02 AM, Paul Melson <pmelson@...> wrote:

>> I'm looking for a 2-factor authentication solution for Outlook Web Access.
>
>> I'd like to avoid certificates and tokens, and it would be great if the
>> solution were out of band.  Any suggestions?
>
> Two-factor OOB auth performed by OTP-over-SMS was popular in Europe for a
> while, especially in France where strong crypto was heavily regulated.
> Haven't seen this solution in a long time, but it's the only thing I can
> think of that matches your criteria.
>
> PaulM
>
>
>



Re: outlook web access authentication

by pgershwin

You might give PhoneFactor a go.  They have a special agent for OWA which you install directly on the Exchange Server.  It's free and it takes about half an hour to install.  It relies on a wireless phone or wireline phone to provide the 2-factor Authentication.  

Re: outlook web access authentication

by agoldwater

Good thing about PhoneFactor is that for very limited user inconvenience (Press "#" in response to an incoming call), she gets pretty robust 2-factor Authentication.  It is well understood that better authentication requires sacrifice, but in this case, you get a whole lot of benefit for limited pain.

Re: outlook web access authentication

by charlesparker


Thanks for all the great advice!  I happened to look over PhoneFactor.  Looks like it is free to use a limited version, and they happen to have an OWA Authentication agent to make setup on an Exchange server easier.  I like the idea of using the phone channel as the 2nd-factor channel for a variety of reasons.

Re: outlook web access authentication

by Scooby

You could also check out a company named ID Control (www.idcontrol.com). They offer SMS-based OTP authentication (MessageID), a mobile OTP application running on your phone (HandyID), and also keystroke recognition (KeystrokeID), and are more interesting on price, I think!

Ciao,

Hans