[keycloak-dev] Why do I have to enter the OTP?
Bill Burke
bburke at redhat.com
Tue Jan 13 11:41:33 EST 2015
Cool. I knew it couldn't be a unique idea.
On 1/13/2015 11:34 AM, Bruno Oliveira wrote:
> I think what you meant was something like this
> https://www.duosecurity.com/product/user-experience/authentication,
> right?
>
> On 2015-01-13, Bill Burke wrote:
>>
>>
>> On 1/13/2015 11:19 AM, Summers Pittman wrote:
>>> On 01/13/2015 11:11 AM, Bill Burke wrote:
>>>> Why does a user have to enter in the OTP generated by their mobile
>>>> device? Wouldn't it be cooler if the steps were:
>>>>
>>>> 1. Enter in username password in the browser
>>>> 2. Browser blocks and wait for...
>>>> 3. Press a button on your OTP iphone app
>>>> 4. iphone app sends an HTTP message to Keycloak with username and
>>>> generated OTP (in background)
>>>> 5. Keycloak sees if a browser app is waiting for OTP verification, then
>>>> verifies OTP if so.
>>>> 6. Browser unblocks and lets user in.
>>>>
>>>> Now, the user doesn't ever have to enter the OTP (and mess it up like I
>>>> do all the time). They just need their mobile device.
>>>>
>>>>
>>>>
>>> Even better, in Android this can be done from an interactive
>>> notification. You won't even need to open the app.
>>>
>>
>> Probably the same in iOS, no?
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
> --
>
> abstractj
> PGP: 0x84DC9914
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list