[aerogear-dev] OTP.js

Sebastien Blanc scm.blanc at gmail.com
Wed May 1 09:01:40 EDT 2013


Interesting!
A few questions (and sorry if these are silly questions):

* In the gist, it's mentioned that the secret is stored in the Session
Local; a secret is supposed to be reused, right? But with Session Local,
the secret will be deleted after each session. Did you maybe mean Local
Storage? Or is the secret passed at each new session (which feels
strange...)?

* If the secret is stored on the browser, can a user log in on this
webapp when using another device (has to register again)?

* The secret is passed over the network the first time, isn't that
dangerous ;)?

* Option 4, with the behind-the-scenes flow, avoids the users having to switch
between an OTP and a login screen, right? That seems a nice option.

* Is something like image-based authentication maybe an option to
investigate (identify the cat, the boat, etc.)?
http://www.marketwire.com/press-release/Confident-Technologies-Delivers-Image-Based-Multifactor-Authentication-Strengthen-Passwords-1342854.htm


Sebi



On Wed, Apr 24, 2013 at 5:59 PM, Matthias Wessendorf <matzew at apache.org> wrote:

> Nice!!!
>
>
> On Wednesday, April 24, 2013, Bruno Oliveira wrote:
>
>> Morning slackers, I had a meeting with Kris, Luke and Passos about the
>> painless way to provide an OTP implementation for JavaScript.
>>
>> https://gist.github.com/abstractj/d618faceee388a9d403a
>>
>> Basically the scenarios 1 and 4 were chosen to be implemented. Scenarios
>> 2 & 3 would provide bad user experience.
>>
>> I'll start to file some Jiras to myself, if you have any addition, let me
>> know.
>>
>>
>> --
>> "The measure of a man is what he does with power" - Plato
>> -
>> @abstractj
>> -
>> Volenti Nihil Difficile
>>
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>