MultiOTP explained

multiOTP
multiOTP
Developer:SysCo systèmes de communication sa
Latest Release Version:5.8.1.1
Programming Language:PHP
Operating System:Linux, Microsoft Windows
Platform:IA-32, x86-64, ARM, Raspberry Pi
Genre:Strong two-factor OTP Authentication server
License:LGPL

multiOTP is an open source PHP class, a command line tool, and a web interface that can be used to provide an operating-system-independent, strong authentication system. multiOTP is OATH-certified since version 4.1.0 and is developed under the LGPL license. Starting with version 4.3.2.5, multiOTP open source is also available as a virtual appliance—as a standard OVA file, a customized OVA file with open-vm-tools, and also as a virtual machine downloadable file that can run on Microsoft's Hyper-V, a common native hypervisor in Windows computers.

A QR code is generated automatically when printing the user-configuration page.

Overview

Spyware, viruses and other hacking technologies or bugs (such as Heartbleed) are regularly used to steal passwords. If a strong two-factor authentication system is used, the stolen passwords cannot be stored and later used because each one-time password is valid for only one authentication session, and will fail if tried a second time.[1]

multiOTP is a PHP class library. The class can be used with any PHP application using a PHP version of 5.3.0 or higher. The multiOTP library is provided as an all-in-one self-contained file that requires no other includes. If the strong authentication needs to be done from a hardware device instead of an Internet application, a request will go through a RADIUS server which will call the multiOTP command line tool. The implementation is light enough in order to work on limited computers, such as the Raspberry Pi.

History

2010

2011

2013

2014

2015

2016

2017

2018

2019

2020

2021

Features

For Windows, the multiOTP library is provided with a pre-configured RADIUS server (freeradius) which can be installed as a service. A pre-configured web service (based on mongoose) can also be installed as a service and is needed if we want to use the multiOTP library in a client/server configuration.Under Linux, the readme.txt file provided with the library indicates what should be done in order to configure the RADIUS server and the web service.All necessary files and instructions are also provided to make a strong authentication device using a Raspberry Pi nano-computer.Since version 4.3.2.5, ready to use virtual appliance is provided in standard OVA format, with open-vm-tools integrated and also in Hyper-V format.The client can strongly authenticate on an application or a device using different methods:

Standardization and normalization

multiOTP is Initiative For Open Authentication certified for HOTP and TOTP and currently supports the following algorithms and RFCs:

Scope of the class

The multiOTP class provides strong authentication functionality and can be used in different strong authentication situations:

Several free projects use the library:

See also

Notes and References

  1. Aslan . Ömer . Aktuğ . Semih Serkant . Ozkan-Okay . Merve . Yilmaz . Abdullah Asim . Akin . Erdal . January 2023 . A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions . Electronics . en . 12 . 6 . 1333 . 10.3390/electronics12061333 . 2079-9292. free .
  2. Web site: multiOTP PHP class: Authenticate and manage OTP strong user tokens. PHPclasses/Icontem . 30 October 2013.
  3. Web site: Application Security Forum - Western Switzerland 2011. Application Security Forum - Western Switzerland. 30 October 2013.
  4. Web site: ASF-WS 2011 Feitian token seed request. SysCo systèmes de communication sa. 30 October 2013.
  5. Web site: Application Security Forum - Western Switzerland 2013. Application Security Forum - Western Switzerland.
  6. Web site: Studerus Technology Forum - TEFO'13. Studerus. 2013-12-25. https://web.archive.org/web/20131226025445/http://www.studerus.ch/fr/tefo/?from=tefourl. 2013-12-26. dead.
  7. Web site: 2013-12-03 . PasswordsCon 2013 in Bergen . 2023-08-20 . securelist.com . en-US.
  8. Web site: PasswordsCon 2013. PasswordsCon.
  9. Web site: Application Security Forum - Western Switzerland 2014. 9 August 2014. Application Security Forum - Western Switzerland.
  10. Web site: Dev(Talks): 2015 . Catalyst (hipo.ro).
  11. Web site: multiOTP Credential Provider. multiOTP team. 1 February 2019.
  12. Web site: MultiOneTimePassword Credential Provider. Last Squirrel IT. 28 July 2015.
  13. Web site: One Time Password Backend for ownCloud. apps.ownCloud.com Team. 30 October 2013.
  14. Web site: 2FA Credential Provider for Windows. Fluid Technology Solutions Ltd. 30 October 2013. https://web.archive.org/web/20131002170307/https://www.fluidgroup.net/products/32-security/81-2fa-credential-provider-for-windows. 2 October 2013. dead.
  15. Web site: Strong Authentication in Web Application - State of the Art 2011. Compass Security AG. 30 October 2013.
  16. Web site: One-time passwords Bachelor thesis (in Czech). University of Economics, Prague. 30 October 2013.