The IT security company Netknights releases version 3.9 of its professional multi-factor authentication software privacyIDEA. The new token types daily password and application specific password allow administrators to centrally manage authentication to existing applications in privacyIDEA, even in heterogeneous environments. Authentication with PUSH tokens and the management of SSH keys has been improved. The new version is available now via the Python Package Index and in the community repositories for Ubuntu 20.04 and 22.04.
New types of Tokens: daily passwords and application specific passwords
Within heterogenous corporate networks, at universities and in grown structures, modern authentication methods such as FIDO2 cannot be implemented extensively.
Therefore, privacyIdea 3.9 offers two new types of tokens to ensure a central management. These new token can be used by admins and users and managed alongside with their other tokens in privacyIDEA.
The daily password is a code, which is valid for a specific and configurable period of time. This way, users can log in to applications, which cache login data. The privacyIDEA authenticator app offers the equivalent on the user interface.
Some smartphone clients (e.g. email-clients) store the domain password to provide the corresponding functionality on the smartphone. To prevent a user from having to use the domain password, privacyIDEA allows users to define passwords only for one specific application but not for other ones. This protects the more sensitive domain password. Nevertheless, the centralized management enables users and administrators, to maintain a clear overview.
SSH key management
privacyIDEA can manage SSH keys. By doing that, it can be defined which SSH-Keys have access to which servers.
The new version enables users and administrators to create server-groups such as „webserver“ or „productive applicationserver“. This makes the configuration more easier, as new servers only have to be included in the corresponding server group.
PUSH-login improved
PrivacyIDEA in combination with the privacyIDEA authenticator enables an easy authentification via PUSH-notification.
Within version 3.9 users can decline PUSH-notifications, which leads to a cancellation of the login process on the server.
Moreover, more mechanisms were developed to prevent hacking via PUSH-notifications (also called PUSH fatigue).
You can find all changes in detail in the changelog on GitHub. At Github, all components of privacyIDEA are also being further developed as open source software under AGPLv3 under the leadership of NetKnights GmbH.
Availability
The new version 3.9 of privacyIDEAis now available via the Python Package Index as well as in the comunity repositories for Ubuntu 20.04 and 22.04. Additionally, Netknights GmbH offers the Enterprise Edition with support for Ubuntu LTS, RHEL/CentOS and appliance tool and performs custom development for special requirements.
About privacyIDEA
privacyIDEA is an open source multi-client and multi-instance capable system for multi-factor authentication. The development is done transparently at Github. The administrator can easily install or update the system via the Python Package Index or Ubuntu repositories. A few weeks after the community major version is released, NetKnights will also release a stable enterprise version for Ubuntu LTS and RHEL/CentOS.
You can get more information about development and news at https://netknights.it/aktuelles/.
Link to privacyIDEA project: www.privacyidea.org/privacyidea-3-9-released/