MultiOTP

multiOTP
Developer(s) SysCo systèmes de communication sa
Initial release 7 June 2010 (2010-06-07)
Stable release 4.3.2.6 / 18 July 2015 (2015-07-18)
Development status Active
Written in PHP
Operating system Linux, Microsoft Windows
Platform IA-32, x86-64, ARM
Type OTP Authentication server
License LGPL
Website www.multiotp.net

multiOTP is an open source PHP class, a command line tool and a web interface that can be used to provide an operating system independent strong authentication system. multiOTP is OATH certified since version 4.1.0 and is developed under the LGPL license. Starting with version 4.3.2.5, multiOTP open source is also available as a virtual appliance - as a standard OVA file, a customized OVA file with open-vm-tools, and also as an Hyper-V downloadable file.

Overview

Spyware, viruses and other hacking technologies or bugs (like Heartbleed) are regularly used to obtain stolen passwords typed by the user. If a strong two factor authentication system is used, the stolen passwords cannot be stored and later used because each password (called OTP for One Time Passwords) is only valid for one authentication session and will fail if used a second time.

multiOTP is a PHP class library. The class can be used with any PHP application using a PHP version of 5.3.0 or higher. The multiOTP library is provided as an all-in-one self-contained file that requires no other includes. If the strong authentication needs to be done from a hardware device instead of an Internet application, a request will go through a RADIUS server which will call the multiOTP command line tool. The implementation is light enough in order to work on limited computers, such as the Raspberry Pi.

History

Features

For Windows, the multiOTP library is provided with a pre-configured RADIUS server (freeradius) which can be installed as a service. A pre-configured web service (based on mongoose) can also be installed as a service and is needed if we want to use the multiOTP library in a client/server configuration. Under Linux, the readme.txt file provided with the library indicates what should be done in order to configure the RADIUS server and the web service. All necessary files and instructions are also provided to make a strong authentication device using a Raspberry Pi nano-computer. Since version 4.3.2.5, ready to use virtual appliance is provided in standard OVA format, with open-vm-tools integrated and also in Hyper-V format. The client can strongly authenticate on an application or a device using different methods:

Standardization and normalization

multiOTP is OATH certified for HOTP and TOTP and supports currently the following algorithms and RFC's:

Scope of the class

The multiOTP class provides strong authentication functionalities and can be used in different strong authentication situations:

Several free projects use the library:

See also

References

  1. "multiOTP PHP class: Authenticate and manage OTP strong user tokens". PHPclasses/Icontem. Retrieved 30 October 2013.
  2. "Application Security Forum - Western Switzerland 2011". Application Security Forum - Western Switzerland. Retrieved 30 October 2013.
  3. "ASF-WS 2011 Feitian token seed request". SysCo systèmes de communication sa. Retrieved 30 October 2013.
  4. "Application Security Forum - Western Switzerland 2013". Application Security Forum - Western Switzerland.
  5. "Studerus Technology Forum - TEFO'13". Studerus.
  6. "Passwords^13". PasswordsCon.
  7. "Application Security Forum - Western Switzerland 2014". Application Security Forum - Western Switzerland.
  8. "Dev(Talks): 2015". Catalyst (hipo.ro).
  9. "MultiOneTimePassword Credential Provider". Last Squirrel IT. Retrieved 28 July 2015.
  10. "One Time Password Backend for ownCloud". apps.ownCloud.com Team. Retrieved 30 October 2013.
  11. "2FA Credential Provider for Windows". Fluid Technology Solutions Ltd. Retrieved 30 October 2013.
  12. "Strong Authentication in Web Application - State of the Art 2011" (PDF). Compass Security AG. Retrieved 30 October 2013.
  13. "One-time passwords Bachelor thesis (in Czech)". University of Economics, Prague. Retrieved 30 October 2013.
This article is issued from Wikipedia - version of the Wednesday, December 23, 2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.