Alternative OpenDuino authentication

Fragment of a discussion from Talk:OpenDuino
Jump to: navigation, search

If, at first sight, you compare this to the current auth, this method is more secure. So I try to determine what were the conditions to come up with this procedure.

  • the user must give his password
  • the user has to be at the front door
  •  ??? I can't think of anything else

So procedure optimized as follows:

ask via authenticated webpage for a code.

that code is sent via sms and is valid 2h

show the code to the webcam (or via IR or bluetooth)

Gunstick19:47, 23 May 2011

The difference is that with a login, unless someone wrote down his/her password, you can be reasonably sure that the person entering it is the person s/he claims to be. So s/he needs to fulfill both requirements at the same time. However, if you're using a sheet, there is the risk of someone else stealing or finding it and thus not being who s/he claims to be. Ok, chances that this person (if s/he finds the sheet) knows what purpose it serves are rather slim, but not impossible. (my 2cents)

  • IR is not a viable alternative in my eyes because the costs involved will not be much lower than a wifi-capable device.
  • Bluetooth is almost as bad as rfid in terms of security. (And how do you get the code onto your phone in the first place if it isn't wifi capable?)
Kwisatz20:01, 23 May 2011
Personal tools