Alternative OpenDuino authentication
From Talk:OpenDuino
Revision as of 23 May 2011 at 18:47.
The [/w/index.php?title=Talk:OpenDuino&offset=20110523184722&lqt_mustshow=22 highlighted comment] was created in this revision.
The [/w/index.php?title=Talk:OpenDuino&offset=20110523184722&lqt_mustshow=22 highlighted comment] was created in this revision.
feel free to modify these or add your own.
[edit] Possibility A
- Step 1: Log in to an application (ideally a mematool addon)
- Step 2: Print a QrCode that will be valid for at most 2h
- Step 3: Show your QrCode to a webcam installed at the Space's front door
- Step 4: OpenDuino will verify your qrcode and send you a confirmation code to your mobile phone.
- Step 5: You will get an SMS (of course you'll need a mobile phone and have your number registered with us) with a verification code
- Step 6: Show the verification code to the webcam or scribble it on a sheet of paper.
- Step 7: OpenDuino will confirm that you are who you claim to be.
If, at first sight, you compare this to the current auth, this method is more secure. So I try to determine what were the conditions to come up with this procedure.
- the user must give his password
- the user has to be at the front door
- ??? I can't think of anything else
So procedure optimized as follows:
ask via authenticated webpage for a code.
that code is sent via sms and is valid 2h
show the code to the webcam (or via IR or bluetooth)
