Reply New Topic
2013/10/4 15:00:34
Home away from home

Re: Secure login: A replacement for passwords, tokens and everything else

Sort of. The long random number is a cryptographic challenge. You authenticate by signing the number with your public key (which is effectively your ID) and sending it back to the server. If the signature is valid it knows to let you in.

The phone app reads the data out of the QR code (random number, URL for processing login requests), signs it and sends it off for verification. The app also handles creation and management of site-specific keys.

Reply New Topic extras
 Previous Topic   Next Topic
You can view topic.
You can start a new topic.
You can reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You cannot vote in polls.
You cannot attach files to posts.
You can post without approval.