I've been looking at the TOTP open standard and there is a perl script written for FreeRadius. It's super easy to enroll the soft token on your phone by scanning the QR code. Plenty of clients across all mobile devices and you can get hard tokens if that's your bag. I really struggle why anyone would want to use anything else. On Jun 3, 2016 9:38 AM, "Nick Owen" <owen.nick@gmail.com> wrote:
On Thu, Jun 2, 2016 at 5:34 PM, Matthew Newton <mcn4@leicester.ac.uk> wrote:
On Thu, Jun 02, 2016 at 04:57:57PM -0400, Arran Cudbard-Bell wrote:
Certificates do the job just as well. Especially if they're encrypted.
3FA FTW!
OpenVPN service I've run for years has certs with encrypted keys, requires user logon, and shared key. Does that make it 4FA? :)
I bet you could convince an PCI auditor that it was. ;-)
-- -- Nick Owen WiKID Systems, Inc. http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html