[sldev] [PROPOSAL] Authentication Model

Harold Brown labrat.hb at gmail.com
Mon Oct 1 22:56:06 PDT 2007


The current authentication model is a common single-factor authentication
based on username / password.   This method is not secure in that once those
two pieces of information are in the hands of someone, they have complete
access to your account.  This information can be obtained through many
different methods.

This proposal is for a multi-factor authentication method to be added to the
login system.  This method should be easy for the end user without greatly
affecting their current login experience.


PROPOSAL:
Each user should (at account creation, or after logging in to the system for
the first time without this enabled) upload a personal image.  This image
should be something that they can easily identify from a group of images at
login.  When logging in, the system should present a preset number of images
that the user must select their personal image from.  Upon presentation the
images must have a randomly generated watermark of some kind, perhaps a
simple captcha overlaid onto the image that must be typed in to continue
the login process.  The images must be modified at presentation to prevent
identification of the image by MD5 or some other hash method.

The system could allow for a personal image pool, and users could designate
images as being available to the system image pool for display for other
logins.

DRAWBACKS:

This excludes the possibility of using a text based browser or automated
systems for logging in.  An alternative multi-factor authentication would
need to be available for these clients.


The key to this method is ensuring that one piece of the identification
process is not in possession of the client.  It must be able to be presented
to, and identified by the user, without allowing the client application or
browser to identify what that piece of identification is.
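
The presentation step of the proposal, sketched as an added example that is not
part of the original message or of any Second Life code. It assumes images are
raw greyscale pixel buffers, stands in a one-level pixel nudge for the
watermark, and leaves the captcha out; the names perturb, build_challenge and
verify are hypothetical.

```python
import hashlib
import hmac
import secrets

_rng = secrets.SystemRandom()

# Constructed sample data: 8x8 greyscale images as raw pixel bytes.
PERSONAL = bytes((i * 3) % 256 for i in range(64))
DECOYS = [bytes((i * k + 7) % 256 for i in range(64)) for k in (5, 11, 13)]

def perturb(pixels: bytes, flips: int = 16) -> bytes:
    """Nudge `flips` distinct, randomly chosen pixels by one grey level.

    This only defeats byte-exact hashes such as MD5; it is a stand-in for
    the random watermark the proposal asks for, not a replacement for it.
    """
    out = bytearray(pixels)
    for i in _rng.sample(range(len(out)), flips):
        out[i] += 1 if out[i] < 255 else -1
    return bytes(out)

def build_challenge(personal: bytes, decoys: list):
    """Return (client_view, answer_token); answer_token stays on the server."""
    images = [personal] + list(decoys)
    order = list(range(len(images)))
    _rng.shuffle(order)
    client_view, answer_token = [], None
    for idx in order:
        token = secrets.token_urlsafe(16)  # fresh per login, reveals nothing
        client_view.append((token, perturb(images[idx])))
        if idx == 0:
            answer_token = token
    return client_view, answer_token

def verify(answer_token: str, submitted: str) -> bool:
    """Server-side check of the token the user clicked (constant time)."""
    return hmac.compare_digest(answer_token.encode(), submitted.encode())

def md5(data: bytes) -> str:
    return hashlib.md5(data, usedforsecurity=False).hexdigest()

if __name__ == "__main__":
    view, answer = build_challenge(PERSONAL, DECOYS)
    print("stored personal image MD5:", md5(PERSONAL))
    for token, pixels in view:
        print(token, md5(pixels), "accepted" if verify(answer, token) else "rejected")
```

The client only ever receives per-login tokens and re-perturbed pixels, so
neither a recorded token nor a recorded image hash identifies the personal
image at the next login.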