Alternative OpenDuino authentication

Jump to: navigation, search
Revision as of 23 May 2011 at 19:24.
The [/w/index.php?title=Talk:OpenDuino&offset=20110523190102&lqt_mustshow=23 highlighted comment] was edited in this revision. [diff]

feel free to modify these or add your own.

[edit] Possibility A

  • Step 1: Log in to an application (ideally a mematool addon)
  • Step 2: Print a QrCode that will be valid for at most 2h
  • Step 3: Show your QrCode to a webcam installed at the Space's front door
  • Step 4: OpenDuino will verify your qrcode and send you a confirmation code to your mobile phone.
  • Step 5: You will get an SMS (of course you'll need a mobile phone and have your number registered with us) with a verification code
  • Step 6: Show the verification code to the webcam or scribble it on a sheet of paper.
  • Step 7: OpenDuino will confirm that you are who you claim to be.
    Kwisatz19:23, 23 May 2011

    If, at first sight, you compare this to the current auth, this method is more secure. So I try to determine what were the conditions to come up with this procedure.

    • the user must give his password
    • the user has to be at the front door
    •  ??? I can't think of anything else

    So procedure optimized as follows:

    ask via authenticated webpage for a code.

    that code is sent via sms and is valid 2h

    show the code to the webcam (or via IR or bluetooth)

      Gunstick19:47, 23 May 2011

      The difference is that with a login, unless someone wrote down his/her password, you can be reasonably sure that the person entering it is the person s/he claims to be. So s/he needs to fulfill both requirements at the same time. However, if you're using a sheet, there is the risk of someone else stealing or finding it and thus not being who s/he claims to be. Ok, chances that this person (if s/he finds the sheet) knows what purpose it serves are rather slim, but not impossible. (my 2cents)

      • IR is not a viable alternative in my eyes because the costs involved will not be much lower than a wifi-capable device.
      • Bluetooth is almost as bad as rfid in terms of security. (And how do you get the code onto your phone in the first place if it isn't wifi capable?)
        Kwisatz20:01, 23 May 2011
         
         
        Personal tools
        Namespaces

        Variants
        Actions
        Navigation
        syn2cat
        Hackerspace
        Activities
        Initiatives
        Community
        Tools
        Tools