[keycloak-dev] Why do I have to enter the OTP?

Juraci Paixão Kröhling juraci at kroehling.de
Thu Jan 15 02:48:33 EST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/15/2015 08:43 AM, Stian Thorgersen wrote:
> I think we'd need some mechanism in place so the user knows he
> initiated the request. Keycloak could for example display a random
> phrase, for example "RED SHOE" which would also be displayed on the
> mobile. Banks in Norway use a similar mechanism.

I thought about something similar: a text on a box with a random
background color. Both the text and the color should match what is
seen in the browser. The user is probably never going to check the
text, but the color might get the user's attention.

- - Juca.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUt3DRAAoJEDnJtskdmzLMqTkH/iSCGIAIr3HQ49oUgwJ3KX4F
O4VbeCzX0AVX2i2wknHczpDUrmmytLVzHpxLtpa31BeK4V2jsyPkWmQBdwP3F5gP
pbuC3l7aXv7s9NvyQ1gIA01wRKnqBasalQoonhZ2yx+YMjEpm/opuniIZ5cD1Glr
fvvT8hFeUcGzLPesKb+3cGYR4H3PterRPjcD2RRR4f1rNsXXV/moswMYChamdmRd
XNEux3MnNmFgOniV9bsBzDC6dEhYXICOrlXR9HATWSmGdGsEElANY3v2o494oUq0
sGFcVMsujSjWACW6NTWfiTrSJgh+9aX9WDjFW/UkxZB3m4ufJJ82b3zO6IPIITA=
=eI+A
-----END PGP SIGNATURE-----


More information about the keycloak-dev mailing list