The traditional approach to authentication for access control is username and password. Remembering each and every set of unique credentials for different applications is a challenge for users. In November 2013, a report was published showing that most popular user password is "123456" and "password" is the next in line. From this, it can be seen that ease of use is often more important to many users than the security of a complex password.
The IBM Security Access Manager for Web (ISAM4Web) reverse proxy is commonly deployed with username/password authentication. However, it includes an extensible integration point for alternative authentication mechanisms. This white paper will demonstrate how to utilize this integration point, the External Authentication Interface (EAI), to support one-time password (OTP) authentication using the Yubikey technology.