Alternative OpenDuino authentication

Jump to: navigation, search
Revision as of 23 May 2011 at 19:01.
The [/w/index.php?title=Talk:OpenDuino&offset=20110523190102&lqt_mustshow=23 highlighted comment] was created in this revision.

feel free to modify these or add your own.

[edit] Possibility A

  • Step 1: Log in to an application (ideally a mematool addon)
  • Step 2: Print a QrCode that will be valid for at most 2h
  • Step 3: Show your QrCode to a webcam installed at the Space's front door
  • Step 4: OpenDuino will verify your qrcode and send you a confirmation code to your mobile phone.
  • Step 5: You will get an SMS (of course you'll need a mobile phone and have your number registered with us) with a verification code
  • Step 6: Show the verification code to the webcam or scribble it on a sheet of paper.
  • Step 7: OpenDuino will confirm that you are who you claim to be.
    Kwisatz19:23, 23 May 2011

    If, at first sight, you compare this to the current auth, this method is more secure. So I try to determine what were the conditions to come up with this procedure.

    • the user must give his password
    • the user has to be at the front door
    •  ??? I can't think of anything else

    So procedure optimized as follows:

    ask via authenticated webpage for a code.

    that code is sent via sms and is valid 2h

    show the code to the webcam (or via IR or bluetooth)

      Gunstick19:47, 23 May 2011

      The difference is that with a login, unless someone wrote down his/her password, you can be reasonably sure that the person entering it is the person s/he claims to be. However, if you're using a sheet, there is the risk of someone else stealing or finding it and thus not being who s/he claims to be. Ok, chances that this person (if s/he finds the sheet) knows what purpose it serves are rather slim, but not impossible. (my 2cents)

      • IR is not a viable alternative in my eyes because the costs involved will not be much higher than a wifi-capable device.
      • Bluetooth is almost as bad as rfid in security terms. (And how do you get the code onto your phone in the first place if it isn't wifi capable?)
        Kwisatz20:01, 23 May 2011
         
         
        Personal tools
        Namespaces

        Variants
        Actions
        Navigation
        syn2cat
        Hackerspace
        Activities
        Initiatives
        Community
        Tools
        Tools