Good passwords are hard to remember, bad passwords do not protect us.
Generate a complex unique password for each site and never reuse it on other sites. This is a good recommendation for security instructions and corporate policies, but it is hard to implement it. We should be honest enough to recognize that most users will not use good passwords. That means that an access system based only on passwords is unsafe.
By using Blitz Identity Provider you will be able to rely on many different authentication mechanisms. You just have to choose and switch on those that suit you now. You will also be able to define which methods will be available to which user. And that’s not all: Blitz Identity Provider is constantly evolving. By installing a new version of our product you can configure new login methods.
A smartphone is a device that the user always tries to take with himself. It is convenient to use it in two-factor authentication schemes as an alternative to smartcard / USB tokens.
In this case when a user enters the application through Blitz Identity Provider and enters the login / password, a push message is sent to the smartphone.
The user can review the details of the request and confirm / reject the login attempt. As a result, the smartphone sends the user’s response to the authentication server.
An important advantage of such two-factor authentication is the use of two independent channels of interaction (out-of-band authentication). The first one is when checking the password (“PC → server” channel). The second is when checking the possession of the object (“smartphone → server” channel).
Smartcards and digital signatures
Smartcards and USB tokens are used for strong two-factor authentication. The first “factor” is the verification of knowledge of the PIN code, and the second is the verification of possession of a unique object containing an unrecoverable cryptographic key.
Blitz Identity Provider supports strong two-factor authentication using popular smartcards and USB tokens in popular operating systems (Windows / Linux / macOS) and browsers.
One-time SMS codes
Connect Blitz Identity Provider to the SMS gateway – and your users will be able to receive verification codes sent to SMS for two-factor authentication.
If the user owns a U2F token (FIDO U2F), then in the Blitz Identity Provider he can bind it to his account and use it as the second authentication factor method.
Software TOTP generators
The Blitz Identity Provider supports two-factor authentication using any software TOTP generators (RFC 6238). For example, to check the second factor, you can use the verification codes generated on the smartphone using Google Authenticator.
Hardware OATH HOTP/TOTP-tokens
You press the button on the token to generate a one-time numeric confirmation code (one-time password). You see the code on the display. Sometimes the code is automatically inserted into the screen form (when the device is connected via USB).
The use of generators solves the problems of compromising passwords, intercepting data by keyloggers, stealing remembered passwords and “peeping from behind”.
The token must first be linked with the user account. To do this, Blitz Identity Provider provides functions for managing the HOTP / TOTP tokens of the organization and assigning tokens to users.
As a result of erroneous pressing the HOTP token key, the desynchronization of the state may occur – in this case Blitz Identity Provider has the synchronization functions for the HOTP-tokens.
Blitz Identity Provider supports the use of any hardware generators that generate codes by status (HOTP, RFC 4226) or by time (TOTP, RFC 6238).