WiKID Two-Factor Authentication plugin for PAS (0.2)

WiKIDAuthPlugin is a Plone PAS plugin that once installed in the user folder will enable WiKID two-factor authentication for your Plone site.  This is a very basic release.  It was tested on 2.5.3 and on 3.0.6.  If there is interest in this product, we will certainly work to make it better.  It requires pyOpenSSL and version 3.0 or higher of the WiKID Strong Authentication Server.

WiKID is a dual-source two-factor authentication system. It consists of: a PIN, stored in the user's head; a small, lightweight client that encapsulates the private/public keys; and a server that stores the public keys of the client's and the user's PIN. When the user wants to login to a service, they start the client and enter their PIN, which is encrypted and sent to the server. If the PIN is correct, the account active and the encryption valid, the user is sent a one-time passcode to use instead of a static password.  The token client can run on a Windows, Mac or Linux PC or a wireless device such as a Blackberry, J2ME cellphone or Smartphone.

The WiKID PC tokens support mutual https authentication, thwarting network-based Man-in-the-middle attacks.  Simply add the https URL of
your Plone site to the domain as the "Registered URL".  Combining SSL, mutual authentication, two-factor authentication and Plone's robust security
and access control makes for a very secure site.