[sldev] [PROPOSAL] Authentication Model
Tateru Nino
tateru.nino at gmail.com
Tue Oct 2 00:26:59 PDT 2007
Hmm. Just as a note, I'm not real good with captcha codes. It often
takes me twenty or thirty attempts to correctly identify the characters
by hand - due to the way I process visual information.
Instead, I've got software that I use to access the screen buffer and
read the codes for me, which gets them right nearly every time.
Harold Brown wrote:
> The current authentication model is a common single factor
> authentication based on username / password. This method is not
> secure in that once those two pieces of information are in the hands
> of someone, they have complete access to your account. This
> information can be obtained through many different methods.
>
> This proposal is for a multi-factor authentication method to be added
> to the login system. This method should be easy for the end user
> without greatly affecting their current login experience.
>
>
> PROPOSAL:
> Each user should (at account creation, or after logging in to the
> system for the first time without this enabled) upload a personal
> image. This image should be something that they can easily identify
> from a group of images at login. When logging in the system should
> present a preset number of images that the user must select their
> personal image from. Upon presentation the images must have a
> randomly generated watermark of some kind, perhaps a simple captcha
> overlaid onto the image that must be typed in to continue the login
> process. The images must be modified at presentation to prevent
> identification of the image by MD5 or some other hash method.
>
> The system could allow for a personal image pool, and users could
> designate images as being available to the system image pool for
> display for other logins.
>
> DRAWBACKS:
>
> This excludes the possibility of using a text-based browser or
> automated systems for logging in. An alternative multi-factor
> authentication would need to be available for these clients.
>
>
> The key to this method is ensuring that one piece of the
> identification process is not in possession of the client. It must be
> able to be presented to, and identified by, the user without allowing
> the client application or browser to identify what that piece of
> identification is.
>
>
--
Tateru Nino
http://dwellonit.blogspot.com/
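An added example, not code from the thread or from any Second Life project: a Python sketch of the image challenge Harold describes, using constructed byte strings as stand-ins for images, showing that a per-presentation modification defeats lookup by hash and what the blind-guess odds are for a given number of images.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

# Constructed stand-in "images" (byte strings) so the example runs offline;
# a real deployment would use image files and a visible watermark overlay.
USER_IMAGE = b"personal-image-of-a-red-bicycle"
POOL = [b"system-pool-image-%02d" % i for i in range(20)]
_rng = secrets.SystemRandom()


@dataclass
class Challenge:
    images: list = field(default_factory=list)  # sent to the client, display order
    answer_index: int = -1                       # kept server-side only


def perturb(image: bytes, nonce: bytes) -> bytes:
    """Per-presentation modification: the bytes the client receives differ on
    every login, so a stored MD5/SHA of the original image no longer matches.
    Simulated here by stamping a random watermark field onto the image."""
    return image + b"|watermark=" + nonce.hex().encode()


def make_challenge(user_image: bytes, pool: list, n_images: int) -> Challenge:
    """Mix the user's image with n_images-1 decoys from the pool at a random slot."""
    decoys = _rng.sample(pool, n_images - 1)
    slot = _rng.randrange(n_images)
    shown = decoys[:slot] + [user_image] + decoys[slot:]
    nonce = secrets.token_bytes(8)
    return Challenge([perturb(img, nonce) for img in shown], slot)


def verify(challenge: Challenge, chosen_index: int) -> bool:
    """The client reports only a position; the answer is never sent to it."""
    return chosen_index == challenge.answer_index


def hash_lookup_finds_image(challenge: Challenge, original: bytes) -> bool:
    """Could a client holding the hash of the original image pick it out?"""
    target = hashlib.md5(original).digest()
    return any(hashlib.md5(img).digest() == target for img in challenge.images)


def guess_probability(n_images: int, attempts: int) -> float:
    """Chance of a blind guesser succeeding within `attempts` fresh challenges;
    this is why a per-account attempt limit belongs in the design."""
    return 1 - (1 - 1 / n_images) ** attempts
```

With nine images shown, a single blind guess succeeds one time in nine, so the attempt limit matters as much as the image selection itself.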