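Multi-factor authentication serves an important function in any organization: it secures access to the corporate network, protects users' identity data, and ensures that user accounts have not been hijacked.

Multi-factor authentication ensures that a user's identity is accurate. The more factors used to establish an individual's identity, the more reliable its authenticity.

You can perform multi-factor authentication by combining the following factors:

  • Something you know – a password or PIN
  • Something you have – a token or smart card (two-factor authentication)
  • Something you are – a biometric trait such as a fingerprint (three-factor authentication)

Because multi-factor authentication requires several forms of identification at login, it is widely recognized as the most secure software authentication method for authorizing access to data and applications.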

Open Authentication

HOTP

An HMAC-Based OTP Algorithm - RFC 4226

TOTP

Time-based One-time Password Algorithm - RFC 6238

Google authenticator - https://github.com/google/google-authenticator
Google authenticator android - https://github.com/google/google-authenticator-android
Go lang implementation - https://cloudbook.wiki/go/totp.md


Install Google Authenticator - https://support.google.com/accounts/answer/1066447

OCRA

OATH Challenge/Response Algorithms Specification - RFC 6287

The Mission of the FIDO Alliance is to change the nature of online authentication by:

  • Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.
  • Operating industry programs to help ensure successful worldwide adoption of the Specifications.
  • Submitting mature technical Specification(s) to recognized standards development organization(s) for formal standardization.


Buy FIDO U2F from Amazon

Buy FIDO U2F from Taobao


Security Keys: Practical Cryptographic Second Factors for the Modern Web

  1. An account of successfully roaming JD.com's internal network - http://www.wooyun.org/bugs/wooyun-2014-055438