I have a client for which i've developed a web app that has user/password bu he wants an extra layer of authentication.
Will I be able to use this class and harware tokens like this: http://www.ftsafe.com/products/OTP-C200.html to acheive this?
What must I ensure on the server system time?
Will any user that would be able to buy another harware token, not provided by my client, be able to login (if he knew the user/pass)?
The problem is that my client ONLY wants to let the users access the app from INSIDE his permisses (several all over the country) and not at home. So an hardware token would be available at the permisses in order the users be able to login with their account.
André Liechti - 2010-12-29 18:32:58 - In reply to message 1 from Wonderm00n
Yes, you are right, the OTP-C200 will do the job. To be able to log in successfully, the seed of the token MUST BE authorized on the server side, each token (hardware like Feitian or software based) must be authorized on the server side.