Thread history

From Talk:OpenDuino
Viewing a history listing
Jump to: navigation, search
descTime User Activity Comment
19:24, 23 May 2011Kwisatz (Talk | contribs)Comment text edited 
19:14, 23 May 2011Kwisatz (Talk | contribs)Comment text edited 
19:02, 23 May 2011Kwisatz (Talk | contribs)Comment text edited 
19:01, 23 May 2011Kwisatz (Talk | contribs)New reply created (Reply to Alternative OpenDuino authentication)
18:47, 23 May 2011Gunstick (Talk | contribs)New reply created (Reply to Alternative OpenDuino authentication)
18:26, 23 May 2011Kwisatz (Talk | contribs)Comment text edited (‎A) Possibility 1: hmm..)
18:24, 23 May 2011Kwisatz (Talk | contribs)Changed subject from "Alternative OpenDuino logins" to "Alternative OpenDuino authentication" (layout)
18:24, 23 May 2011Kwisatz (Talk | contribs)Comment text edited (layout)
18:23, 23 May 2011Kwisatz (Talk | contribs)New thread created 

feel free to modify these or add your own.

[edit] Possibility A

  • Step 1: Log in to an application (ideally a mematool addon)
  • Step 2: Print a QrCode that will be valid for at most 2h
  • Step 3: Show your QrCode to a webcam installed at the Space's front door
  • Step 4: OpenDuino will verify your qrcode and send you a confirmation code to your mobile phone.
  • Step 5: You will get an SMS (of course you'll need a mobile phone and have your number registered with us) with a verification code
  • Step 6: Show the verification code to the webcam or scribble it on a sheet of paper.
  • Step 7: OpenDuino will confirm that you are who you claim to be.
Kwisatz19:23, 23 May 2011

If, at first sight, you compare this to the current auth, this method is more secure. So I try to determine what were the conditions to come up with this procedure.

  • the user must give his password
  • the user has to be at the front door
  •  ??? I can't think of anything else

So procedure optimized as follows:

ask via authenticated webpage for a code.

that code is sent via sms and is valid 2h

show the code to the webcam (or via IR or bluetooth)

Gunstick19:47, 23 May 2011

The difference is that with a login, unless someone wrote down his/her password, you can be reasonably sure that the person entering it is the person s/he claims to be. So s/he needs to fulfill both requirements at the same time. However, if you're using a sheet, there is the risk of someone else stealing or finding it and thus not being who s/he claims to be. Ok, chances that this person (if s/he finds the sheet) knows what purpose it serves are rather slim, but not impossible. (my 2cents)

  • IR is not a viable alternative in my eyes because the costs involved will not be much lower than a wifi-capable device.
  • Bluetooth is almost as bad as rfid in terms of security. (And how do you get the code onto your phone in the first place if it isn't wifi capable?)
Kwisatz20:01, 23 May 2011
 
 
Personal tools
Namespaces

Variants
Actions
Navigation
syn2cat
Hackerspace
Activities
Initiatives
Community
Tools
Tools