Posts

privacyIDEA Authenticator – the better smartphone factor

privacyIDEA Authenticator Smartphone App

The smartphone is our daily tool and the digital copy of our own identity. This is not the place to discuss the social implications. We just state the fact.

The Smartphone as the second factor

Due to this fact many organisations and companies like to use smartphones for a security improved authentication process. The smartphone is “always” with the user and is the device, that is accepted by the user. Using applications like Google Authenticator the smartphone is supposed to become the second factor for authentication. Although the smartphone is obviously not as secure as a dedicated hardware token, the privacyIDEA Authentication System has supported smartphones as  a possible second factor right from the start.

But taking a look at a smartphone app like the Google Authenticator there are some security issues. We discussed this in detail in a previous blog post. The problems with the rollout process using the Key URI defined for the Google Authenticator, finally made us develop our own privacyIDEA Authenticator. As an Open Source company we use the Github-Repository to transparently develop the privacyIDEA Authenticator app.

Secure enrollment

The first and most important feature from the long feature list is securing the enrollment process. To do so, the privacyIDEA Authenticator allows to generate one key component on the smartphone itself and another key component on the privacyIDEA Server. The final OTP seed / key is generated from both components.

This way we avoid the easy cloning of the secret OTP seed during the enrollment process. By cloning the OTP seed users were easily able to create undistinguishable copies of the OTP token and thus making the smartphone as a second factor to identify the user useless. Using the privacyIDEA Authenticator you will be able to leave this problem behind.

Beta testing

The privacyIDEA Authenticator app is backward compatible with Google Authenticator and FreeOTP. Its full potential will be unleashed with the privacyIDEA Server starting with version 2.21. Starting with this version the mentioned two-step-enrollment is supported.

The privacyIDEA Authenticator app is available in a controlled beta state. privacyIDEA 2.21 will be available this month. Using the Python Package Index or the developer PPA repository for Ubuntu 14.04LTS or 16.04LTS you can already install the release candidate of the server.

Install using the Python Package Indes:

pip install privacyidea==2.21dev2

Or install using the PPA respository:

add-apt-repository ppa:privacyidea/privacyidea-dev

You can get more information about the installation in the online documentation.

If you want to test the privacyIDEA Authenticator app you are welcome to drop us a note. We will add you to the beta test. You have the possibility to influence the development of the app. The privacyIDEA Authenticator is currently available for Android. The installation during the beta tests is done via the Google play store. Thus you do not need to change any settings of your smartphone.

Get in touch to be part of the beta test!