Alternative OpenDuino authentication
If, at first sight, you compare this to the current auth, this method is more secure. So I try to determine what were the conditions to come up with this procedure.
- the user must give his password
- the user has to be at the front door
- ??? I can't think of anything else
So procedure optimized as follows:
ask via authenticated webpage for a code.
that code is sent via sms and is valid 2h
show the code to the webcam (or via IR or bluetooth)
The difference is that with a login, unless someone wrote down his/her password, you can be reasonably sure that the person entering it is the person s/he claims to be. So s/he needs to fulfill both requirements at the same time. However, if you're using a sheet, there is the risk of someone else stealing or finding it and thus not being who s/he claims to be. Ok, chances that this person (if s/he finds the sheet) knows what purpose it serves are rather slim, but not impossible. (my 2cents)
- IR is not a viable alternative in my eyes because the costs involved will not be much lower than a wifi-capable device.
- Bluetooth is almost as bad as rfid in terms of security. (And how do you get the code onto your phone in the first place if it isn't wifi capable?)