On Sat, Aug 24, 2013 at 10:05 AM, Tyler Romeo <tylerromeo(a)gmail.com> wrote:
On Sat, Aug 24, 2013 at 12:50 PM, Seb35
<seb35wikipedia(a)gmail.com> wrote:
An other solution is the use of one-time
passwords [1] for high-security
or https-unfriendly users (e.g. logging in) or actions (e.g. checkuser
action). Such one-time passwords can be generated entirely on the client
side (e.g. a program) or on an external device (e.g. SecurID [2]). This
transfers the problem "unsecure password" to a problem "protection of the
password generator" (e.g. with an offline password) and introduces the
key
distribution problem (e.g. the physical device).
Would something like Extension:OATHAuth fit this purpose?
The OATH protocol, definitely. One piece I wasn't able to get into our Auth
rework this summer was having 2-step login, so that we could require OATH
for some people, but normal users wouldn't have to. But yeah,
*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l