The IT security provider Netknights has updated its free multi-factor authentication software and released privacyIDEA 3.5. With this version, users can for the first time also roll out PIV smart cards (Personal Identity Verification) and have them certified by privacyIDEA. Users can then use the smart cards to log in or for digital signatures.

PIV devices can do this in NIST SP 800 – 73 defined Personal Identity Verification Interface (FIPS 201 ). For example, the current Yubikey tokens YubiKey 5 NFC, YubiKey 5 Nano, YubiKey 5C and YubiKey 5C offer their smartcard functions via this interface.

New methods for authentication and for admins Further innovations of privacyIDEA 3.5 are the completely revised four-eyes token. With this, administrators can set how many users from defined groups can only log in together as a particularly sensitive account. Technically, the multi-challenge response introduced in privacyIDEA 3.4 is used for this. The developers have completely revised the workflow so that the software prompts additional users to log in with new challenges. The procedure works transparently via the RADIUS protocol and should therefore also work in scenarios such as logging on to a Citrix Netscaler or other VPN solutions.

Must sign up for particularly sensitive accounts If several users register, privacyIDEA requests the additional data through further challenges.

(Image: Netknights)

When rolling out x 509 – privacyIDEA can now require certificates to be accompanied by an attestation certificate. This ensures that the certificate request was generated on a smart card and is a prerequisite for the management of the smart cards via privacyIDEA. Netknights has successfully tested the function with the Yubikey. privacyIDEA 3.5 now masters its relevant authentication mechanisms: OTP, U2F, FIDO2 and x 201.

The Dashboard, also introduced in version 3.4, now also shows the names of unsuccessful login attempts and links them to the data stored for the user. This enables service desk employees to access the details more quickly to solve problems. Adminis can specify in advance which data fields will be displayed to the service crew.

privacyIDEA 3.5 is under the AGPLv3. The software is now available via the Python Package Index and in the community repositories for Ubuntu 16. 04, 18. 04 and recently also 20. 04. In addition, NetKnights offers an Enterprise Edition with support for Ubuntu LTS and RHEL / CentOS and carries out contract developments for special requirements.

(avr)