Looks like an interesting idea. The MediaWiki extension needs some work
though so I'll fork that and work on it today.
On Mon, Oct 17, 2011 at 10:51 PM, <packs-24686(a)mypacks.net> wrote:
I originally posted this idea on G+ and Arthur
Richards suggested I
cross-post it here. My friend, Isaac Potoczny-Jones is a computer security
professional. He developed a new authentication schema that layers on top
of existing technologies and leverages a user's smartphone and QRCodes to
improve authentication usability, eliminate human-generated passwords, and
further improve security by separating the authentication channel from the
login session. He's calling this capability "Animate Login" and as part
of
the proof of concept, he developed a MediaWiki implementation. I believe
the Wikimedia foundation should pursue adding this technique as part of the
primary login options for it's projects. I would personally love to be able
to just point my phone at the login screen and have the system log me in to
Wikipedia without having to type anything or remember complex passwords.
Wikimedia has worked hard to consolidate logins across the many projects
over the last couple years and this would be a great way of providing
seamless login. It should be very low overhead and relatively easy to
implement. Isaac is very interested in seeing his tool put to use on
Wikipedia. Wikimedia could lead the way to improved authentication that
also vastly improves the user experience!
Isaac explains the project in some detail on this Google Plus post:
https://plus.google.com/u/0/112702172838704084335/posts/B9UR2zzDY3f?hl=en
His landing page for the project is here:
http://animate-innovations.com/content/animate-login
The website has videos, links to a MediaWiki instance where its in use and
more.
From the conversations I've had with him, I know that he has thought long
and hard about this application and has sought to address/understand all of
the potential attack vectors. Compared to human-generated passwords, this
would be vastly more secure and dramatically improve the user experience of
logging in. It might even entice new or old editors to login and give it a
try and thus re-engage them in editing. I'm also certain it could generate
a fair bit of buzz as people learn they can use their smartphone to login to
Wikipedia.
I hope you'll consider working with Isaac. I'll point him to this thread
so he knows it is here. I know he'd love to see this implemented in
Wikipedia.
Don
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l