[keycloak-dev] Why do I have to enter the OTP?

Stian Thorgersen stian at redhat.com
Thu Jan 15 02:53:50 EST 2015



----- Original Message -----
> From: "Juraci Paixão Kröhling" <juraci at kroehling.de>
> To: keycloak-dev at lists.jboss.org
> Sent: Thursday, 15 January, 2015 8:48:33 AM
> Subject: Re: [keycloak-dev] Why do I have to enter the OTP?
> 
> On 01/15/2015 08:43 AM, Stian Thorgersen wrote:
> > I think we'd need some mechanism in place so the user knows he
> > initiated the request. Keycloak could for example display a random
> > phrase, for example "RED SHOE" which would also be displayed on the
> > mobile. Banks in Norway use a similar mechanism.
> 
> I thought about something similar: a text on a box with a random
> background color. Both the text and the color should match what is
> seen in the browser. The user is probably never going to check the
> text, but the color might get the user's attention.

Actually, I think the two words work well; as they are always an adjective followed by a noun, they are easy to remember.

Not sure about color for a few reasons:

- It'll look horrible
- People filter out backgrounds
- Color mismatch between desktop and mobile screens 

> 
> - - Juca.
> 



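Added example, not part of the original thread and not Keycloak code: a minimal sketch of the matching-phrase idea discussed above, where the server picks an adjective plus noun for each login request and shows the same phrase in the browser and on the phone. The word lists, the 120-second lifetime, the in-memory store and all function names are assumptions made for illustration.

```python
import secrets
import time

# Constructed word lists (assumption); real lists would be far larger.
ADJECTIVES = ["RED", "QUIET", "TALL", "BRAVE", "COLD", "SOFT", "LOUD", "GREEN"]
NOUNS = ["SHOE", "RIVER", "LAMP", "TIGER", "CLOUD", "BRIDGE", "APPLE", "STONE"]
TTL_SECONDS = 120  # assumed lifetime of a pending approval
_pending = {}      # request_id -> {"phrase", "expires", "state"}


def phrase_space():
    """Number of distinct phrases; two concurrent requests collide with 1/phrase_space()."""
    return len(ADJECTIVES) * len(NOUNS)


def start_login(now=None):
    """Browser side: create a pending request and the phrase shown on the login page."""
    now = time.time() if now is None else now
    request_id = secrets.token_urlsafe(16)  # unguessable handle; the phrase is not a secret
    phrase = f"{secrets.choice(ADJECTIVES)} {secrets.choice(NOUNS)}"
    _pending[request_id] = {"phrase": phrase, "expires": now + TTL_SECONDS,
                            "state": "pending"}
    return request_id, phrase


def phrase_for_mobile(request_id):
    """Mobile side: the phrase to display for this request, or None if it is not pending."""
    req = _pending.get(request_id)
    return req["phrase"] if req and req["state"] == "pending" else None


def decide(request_id, approve, now=None):
    """Record the user's answer from the phone; each request can be decided only once."""
    now = time.time() if now is None else now
    req = _pending.get(request_id)
    if req is None or req["state"] != "pending":
        return "rejected"  # unknown, already decided, or already expired
    if now > req["expires"]:
        req["state"] = "expired"
        return "expired"
    req["state"] = "approved" if approve else "denied"
    return req["state"]
```

The phrase only helps the user tell their own request from someone else's, so the word lists need to be large enough that two requests arriving close together rarely show the same pair.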