Entries by Cornelius Kölbel

Consolidation of the market and migrations

IT security is on everyone’s lips today. But everyone understands something different by it: pen tests; secure coding or exploits; antivirus, antispam; data protection; firewalls, still; security consulting; identity management; authentication. The subject of IT security is a broad spectrum. And that’s why everyone is also concerned with “IT security”. We deal with the special field of secure or strong authentication – multi-factor authentication.

The status quo of proprietary software and the market

IT security companies are often very specialized and therefore rather small companies. A few years ago this was even more true. Many important players in the market had fewer than a few hundred employees worldwide.

But because everyone was talking about IT security, the topic, and thus these companies, also became more attractive to larger companies, and the merry-go-round of mergers and acquisitions picked up speed. Who still knows SafeWord tokens? Secure Computing, Aladdin, SafeNet, Gemalto, Thales: company names and product labels changed, and keep changing, at a lively pace. Aladdin, SafeNet and Gemalto once had their own smartcard products and portfolios. These have now finally merged into Gemalto.

In a merger, the company also grows its product portfolio. It is like after Christmas – new toys are coming, old ones have to leave the children’s room! In the same way, the grown company will also clean up its product portfolio. Products like SafeWord 2008, SAM Express and this year SafeNet Authentication Manager (the OTP part) will go end-of-life.

Death in a proprietary world

In the case of proprietary software, end-of-life often means the end of the software. If the manufacturer has licensed the software on a per-user basis, it is not possible for you as a customer to purchase even one additional user license for this software after End-of-Life! If you want to roll out second factors for new users in your company after the End-of-Life, then this is no longer possible. You have only licensed 1000 users? The 1000-and-first user can no longer receive a 2FA token in the old system! License exceeded!

You are forced to migrate away from your existing system not only because of the missing support and the missing further development, but even because of the missing functionality.

Manufacturers often offer supposedly attractive migration paths to the other proprietary product in their portfolio. But you know that migrations are expensive and time-consuming.

Pain point: Multi-Factor-Authentication

The migration of a multi-factor system comes with unwanted pain factors. Two-factor authentication usually means the combination of knowledge and some ownership. The ownership factor (Hardware token or a registered smartphone app…) is bound to the backend and simultaneously distributed to the user. Distributed in the field. Worldwide.

In extreme cases, the migration of an ownership factor can mean that the ownership factors distributed out there have to be collected and new ownership factors distributed.

Depending on the number of users, the structure of your company, the workflow of the users, this can be a lengthy, expensive and painful process – even if the new product comes from the same vendor. (It doesn’t come from the same manufacturer, but only from the same portfolio after the merger!)


Our employees have been working in the field of two-factor or multi-factor authentication since 2004 and therefore understand the pain of our customers. We have integrated this experience into privacyIDEA.

For some time now, privacyIDEA has provided you with a smooth migration. Without any time pressure you run privacyIDEA and your old software in parallel, without the user having to notice anything about it. Step by step you roll out new tokens within privacyIDEA.

With the upcoming version 3.1 it will also be possible to import the seeds of old, existing tokens into privacyIDEA and automatically assign the tokens to the users and set the old token PIN automatically. No need to re-enroll tokens. Nothing to do for the users, minimal effort for the IT.

Many customers, such as Klinikum Hanau, already rely on privacyIDEA and have successfully migrated to privacyIDEA.

Look at the future

And if you want to migrate away from privacyIDEA? Why?

privacyIDEA is Open Source. With privacyIDEA you never meet the fate that you cannot roll out the 1000-and-first user. privacyIDEA is running. Will be running. Forever.

Invest in your future! Invest in Open Source! Invest in privacyIDEA!


NetKnights presents Two-Factor solution privacyIDEA at business fair it-sa

NetKnights will again be exhibiting at the business fair it-sa in Nuremberg this year.

From October 8th to 10th 2019, the who-is-who of German and international IT security providers will meet at the Nuremberg Exhibition Centre. Visitors will have the opportunity to get first-hand information about innovations and roadmaps of the security products.

NetKnights will be co-exhibiting with ownCloud in Hall 10.0, Stand 412. There we will present the multi-factor authentication system privacyIDEA, which can extend ownCloud in corporate environments by various second factors and thus reliably protect your business-critical data. Once rolled out in your company, privacyIDEA also allows secure login to other web applications, remote login, VPN, desktops and terminal servers…

Drop us a note and set up a meeting to discuss how privacyIDEA can help to increase logon security in your network.


NetKnights presents privacyIDEA at the ownCloud Conference

In September the annual ownCloud Conference is held in Nuremberg, Germany. There, companies that use ownCloud, developers from the community and ownCloud partners meet to hear about new developments and plans and to exchange their experiences.

ownCloud is an important partner to NetKnights. The privacyIDEA ownCloud Plugin is stable software that allows ownCloud to be enhanced with many different types of two-factor authentication. A lot of companies and customers are using this privacyIDEA component to protect the web access to their ownCloud installation.

Talk and stand

NetKnights will have a stand, a demo point where you can take a look at ownCloud in combination with privacyIDEA, check the different two-factor mechanisms and ask us all your questions about 2FA with ownCloud.

We will also present new features like authenticating at ownCloud with the new privacyIDEA Push Token. In this case, after the user has authenticated with his username and password at the ownCloud Web UI, he gets a notification on his smartphone, which he simply has to confirm and then he will be logged in.


Cornelius Kölbel will also give a talk about this topic on September 18th. He will also show how the Push Token mechanism can be combined with any other two-factor authentication mechanism in privacyIDEA like HOTP, TOTP, Yubikey, Email, SMS…

Contact us if you already have questions up front or if you want to make an appointment at the ownCloud Conference.


Multi factor authentication system privacyIDEA at the Texas Linuxfest

privacyIDEA will be present at the Texas LinuxFest in Dallas on May 31st and June 1st.

Cornelius Kölbel will conduct a workshop in which participants will install the multi-factor authentication system privacyIDEA in an existing network, read users from an AD, assign tokens and extend access to ownCloud, NGinX or SSH to include two-factor authentication. Single Sign On is an important mechanism for making users’ lives easier. But protecting this single login is all the more important. Protect SSO with a second factor. The workshop will look at two-factor authentication with privacyIDEA on Keycloak or simpleSAMLphp.

The next day, Cornelius Kölbel will give a talk on how companies and larger user groups can easily migrate an existing 2FA solution to privacyIDEA.

If you are interested in these topics, please do not hesitate to contact us.

privacyIDEA Enterprise Edition 3.0.1 released

Today the privacyIDEA Enterprise Edition 3.0.1 was published. It is the stable bug-fixing release for our enterprise customers which fixes problems from version 3.0.

Push Token

For the new push token function, errors have been fixed and operability has been improved.

  • Add logic checking to setup of PUSH token (#1592)
  • Remove double enrollment notification of PUSH token in WebUI (#1598)
  • Fix to allow spaces in Firebase configuration (#1599)
  • Add support for iOS Firebase configuration (#1608)
  • Fix to allow PUSH token enrollment, even with Label-policy (#1589)
  • Fix to mark PUSH token challenge answered in the database (#1584)

(The numbers in brackets indicate the GitHub issues.)

Stable Enterprise Edition

In addition, the following issues have been fixed or functionality has been improved:

  • Fix the validity period of the registration token (#1587)
  • Beautify the vertical alignment in the Web UI top menu (#1559)
  • Fix user cache configuration read – defaults to 0 (#1596)
  • Remove links in audit log for normal users (#1497)
  • Check UI rights for user resolvers (#1496)
  • Fix placeholder in realm dropdown in login dialog (#1498)
  • Fix enckey creation in Python 3 (#1594)
  • Allow the usage of “browserLanguage” in custom templates (#1620)
  • Open all accordions when searching for policy action (#1558)
  • Fix to hide support links also in menu (#1626)

Secure your network

Version 3.0.1 is publicly available and can be easily installed via the Python Package Index or via repositories for Ubuntu 16.04 LTS and 18.04 LTS.

Our enterprise customers have been informed about the updates. They also have a repository for Red Hat Enterprise Linux 7 and an appliance application at their disposal. If you are interested in the Enterprise Edition, click here to learn more.

If you want to stay up to date, please subscribe to our newsletter.

Secure two factor authentication with iOS devices

Full flexibility and improved security for heterogeneous enterprise scenarios

The privacyIDEA authentication system supports a lot of different token types. We have supported Google Authenticator and compatible smartphone apps right from the start. But the rollout process defined by the Google Authenticator has certain weaknesses. The privacyIDEA Authenticator addresses and solves these issues.

Use privacyIDEA Authenticator to avoid identity theft

The privacyIDEA Authenticator is now also available for iOS devices. This way companies have the chance to get their 2FA system and workflow in one piece and allow a more secure enrollment, using the two step enrollment of the privacyIDEA Authenticator. This mitigates the risk of copying tokens during enrollment and avoids identity theft within your company.


The app is available in the Google Play store and Apple iTunes.

Flexible Two-Factor Authentication at ownCloud

With the new version 2.5 of the privacyIDEA ownCloud plugin, the administrator can now decide in which case he wants users to authenticate with a second factor and when one factor is enough. The administrator can make this dependent on the IP address of the requesting client. For example, he can force access from the […]


CIO Applications Europe: NetKnights achieves top international ranking

This year, the trade magazine “CIO Applications Europe” has chosen NetKnights as one of the TOP25 security companies. The editors emphasized the great success of NetKnights in meeting the individual needs of companies from different industries – for example the healthcare sector, where the privacyIDEA system cooperates with famous IT solutions such as Citrix, NetScaler, Cisco ASA and also with many VPNs and firewalls. Thus far, the print magazine is one of the leading IT media brands in Europe. Its rankings lay a special editorial focus on important technological innovations among various sectors.