Swekey - the key to securing joomla
As you will have gathered by my blog posts I take the security of my joomla sites very seriously it even prompted another blogger "realise I needed to get smarter about passwords".
Even if you follow all the advice in those posts and the excellent advice in the Joomla Administrators Security Checklist you can never be too careful.
So it is no surprise that when a new security extension popped up in JED it picqued my interest.
The swekey is a USB dongle that acts as the master authentication key for any site you wish to use it on. If you think of your website like a car, a thief can smash the windows but unlike a car without the swekey they cant hotwire it and drive it off.
And its not just a one site solution. You can use the same key on as many sites as you want and not just joomla sites. Support is already provided for phpBB, WordPress, Drupal, MediaWiki, MantisBT, OpenID, PrestaShop, Putty, RoundCube Webmail, SquirrelMail, SSH, ZABBIX and phpMyAdmin.
How does Swekey authentication work?
Swekey authentication is based on a very simple and efficient client/server architecture. The client is the Swekey device itself. Each Swekey contains a unique id (the Swekey Id) and is able to generate a One Time Password (OTP) from a given Random Token (RT).
The Authentication Server (AS) is hosted and managed by Musbe, it generates the Random Tokens and verify the authenticity of the Swekey generated One Time Passwords.
More technical information, including details on how to built your own swekey authentication plugins can be found at the developer site.
Beta testing and evaluation report
I have been fortunate to have been beta testing this key since almost the beginning of this site and I'm impressed. (It can take alot to impress me as many extension developers will testify to). There were a few minor "issues" with the joomla implementation of the plugin but that's not surprising as the swekey developers had only had a few days to look at joomla before they sent me the evaluation key.
Each of those "issues" was addressed extremely promptly and suggestions for improvements were taken on board.
I'm definitely happy to put my stamp of approval on the swekey. It's easy to install, easy to use and most of all it is secure.