Thread: two factor authentication using SMS
View Single Post
  #2 (permalink)  
Old 2007-05-03
munrog munrog is offline
Member
  
Join Date: 2006-06-27
Location: New Zealand
Posts: 70
Rep Power: 3
munrog has an average reputation (10+)
Send a message via MSN to munrog Send a message via Skype™ to munrog
Default Re: two factor authentication using SMS
I have succesfully trialled both PortWise and Swivel as products to provide SMS authentication to Connectra clients. Also tried Firewall-1 and that worked to. Basically these both work as multiple Challenge radius. You may need to tell the Check Point to ignore some additional extended attributes. This is simple enough in the SmartDashboard GUI, but you may find it easier to resort to dbedit and enter multiple extended attribute values as elements.

The Portwise was much easier for the end users as it was a simple alphanumeric sequence.

Whereas Swivel sent an SMS that had a legend, a blank line and then a key which looked like this

1 2 3 4 5 6 7 8 9

w X ! 8 6 n R q m


With Swivel you have a personal identification number eg "3672", which from the above SMS would translate to a password of "!nRX". But because of the way it displayed the legend on the top then a blank line, then the authentication string with some randomised chars, it was very hard for the brain to get around and the users hated it.

hope this helps
Greg
Reply With Quote