Reply to comment

Quite some time ago I put together a proof of concept illustrating the relative simplicity by which a multi factor authentication system, sometimes referred to as two factor authentication could be established for web services.

My basic design concept was to use server-side technologies to create and store an authenticated session key having achieved strong authentication with the client browser.

A couple of design parameters that I set myself early on during the development stage was to ensure ease of integration with existing web sites and the lowest possible cost in development time and maintenance while achieving the primary goal of strong authentication.

Having achieved this basic concept (a demo site can be seen at http://www.david-c-evans.com/mfa) I have now decided to breath new life into the project and improve upon the design while hopefully streamlining the and enhancing the code.

**NOTE: There appears to be a problem with the demo site login right now. I will fix this very shortly. ** - ALL FIXED NOW!!!

This time around my goal is to build upon the original design and include mutual authentication aspects along with adopting a 'captcha' style element for masking the extended authentication request from the server.

To track the design enhancements I have decided to resurrect the forum once attached to this site to show code changes and improvements to this new release not only by myself but also any other individuals who wish to contribute to the project. Of course I am providing this as an Open Source development effort for all to use as they see fit.

I'll update this page when I have the code available for download as a package along with the relevant SQL backend.

Until then watch this space!