I originally posted this idea on G+ and Arthur Richards suggested I cross-post it here.
My friend, Isaac Potoczny-Jones, is a computer security professional. He developed a new
authentication schema that layers on top of existing technologies and leverages a
user's smartphone and QR codes to improve authentication usability, eliminate
human-generated passwords, and further improve security by separating the authentication
channel from the login session. He's calling this capability "Animate
Login" and as part of the proof of concept, he developed a MediaWiki implementation.
I believe the Wikimedia Foundation should pursue adding this technique as part of the
primary login options for its projects. I would personally love to be able to just
point my phone at the login screen and have the system log me in to Wikipedia without
having to type anything or remember complex passwords. Wikimedia has worked hard to
consolidate logins across the many projects over the last couple years and this would be a
great way of providing seamless login. It should be very low overhead and relatively
easy to implement. Isaac is very interested in seeing his tool put to use on Wikipedia.
Wikimedia could lead the way to improved authentication that also vastly improves the user
experience!
Isaac explains the project in some detail on this Google Plus post:
https://plus.google.com/u/0/112702172838704084335/posts/B9UR2zzDY3f?hl=en
His landing page for the project is here:
http://animate-innovations.com/content/animate-login
The website has videos, links to a MediaWiki instance where it's in use, and more.
From the conversations I've had with him, I know
that he has thought long and hard about this application and has sought to
address/understand all of the potential attack vectors. Compared to human-generated
passwords, this would be vastly more secure and dramatically improve the user experience
of logging in. It might even entice new or old editors to log in and give it a try and
thus re-engage them in editing. I'm also certain it could generate a fair bit of buzz
as people learn they can use their smartphone to log in to Wikipedia.
I hope you'll consider working with Isaac. I'll point him to this thread so he
knows it is here. I know he'd love to see this implemented in Wikipedia.
Don