Re: [keycloak-dev] Why do I have to enter the OTP?
----- Original Message -----
From: "Juraci Paixão Kröhling" <juraci(a)kroehling.de>
To: keycloak-dev(a)lists.jboss.org
Sent: Thursday, 15 January, 2015 8:48:33 AM
Subject: Re: [keycloak-dev] Why do I have to enter the OTP?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/15/2015 08:43 AM, Stian Thorgersen wrote:
> I think we'd need some mechanism in place so the user knows he
> initiated the request. Keycloak could for example display a random
> phrase, for example "RED SHOE" which would also be displayed on the
> mobile. Banks in Norway use a similar mechanism.
I thought about something similar: a text on a box with a random
background color. Both the text and the color should match what is
seen in the browser. The user is probably never going to check the
text, but the color might get the user's attention.
Actually I think the two words work well, as they are always an adjective followed by a
noun they are easy to remember.
Not sure about color for a few reasons:
- It'll look horrible
- People filter out backgrounds
- Color mismatch between desktop and mobile screens
- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUt3DRAAoJEDnJtskdmzLMqTkH/iSCGIAIr3HQ49oUgwJ3KX4F
O4VbeCzX0AVX2i2wknHczpDUrmmytLVzHpxLtpa31BeK4V2jsyPkWmQBdwP3F5gP
pbuC3l7aXv7s9NvyQ1gIA01wRKnqBasalQoonhZ2yx+YMjEpm/opuniIZ5cD1Glr
fvvT8hFeUcGzLPesKb+3cGYR4H3PterRPjcD2RRR4f1rNsXXV/moswMYChamdmRd
XNEux3MnNmFgOniV9bsBzDC6dEhYXICOrlXR9HATWSmGdGsEElANY3v2o494oUq0
sGFcVMsujSjWACW6NTWfiTrSJgh+9aX9WDjFW/UkxZB3m4ufJJ82b3zO6IPIITA=
=eI+A
-----END PGP SIGNATURE-----
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev