Nice idea, but most users hate inputting a password/drawing on the
screen to unlock it. So if you lose your phone or it gets stolen, all
your credentials are lost and in the hands of an unknkown attacker.
Also, phones tend to break during day-to-day usage (beverage spills,
falls from desks).
While these problems were mentioned on the design page, I have another
scenario: colleague comes over to your desk, swaps your phone with his
so you don't notice immediately, pranks you on Facebook or Wikipedia
and then swaps the phone back.
Marco
On Tue, Oct 18, 2011 at 4:51 AM, <packs-24686(a)mypacks.net> wrote:
I originally posted this idea on G+ and Arthur
Richards suggested I cross-post it here. My friend, Isaac Potoczny-Jones is a computer
security professional. He developed a new authentication schema that layers on top of
existing technologies and leverages a user's smartphone and QRCodes to improve
authentication usability, eliminate human-generated passwords, and further improve
security by separating the authentication channel from the login session. He's
calling this capability "Animate Login" and as part of the proof of concept, he
developed a MediaWiki implementation. I believe the Wikimedia foundation should pursue
adding this technique as part of the primary login options for it's projects. I would
personally love to be able to just point my phone at the login screen and have the system
log me in to Wikipedia without having to type anything or remember complex passwords.
Wikimedia has worked hard to consolidate logins across the many projects over the last
couple years and this would be a great way of providing seamless login. It should be
very low overhead and relatively easy to implement. Isaac is very interested in seeing
his tool put to use on Wikipedia. Wikimedia could lead the way to improved
authentication that also vastly improves the user experience!
Isaac explains the project in some detail on this Google Plus post:
https://plus.google.com/u/0/112702172838704084335/posts/B9UR2zzDY3f?hl=en
His landing page for the project is here:
http://animate-innovations.com/content/animate-login
The website has videos, links to a MediaWiki instance where its in use and more.
From the conversations I've had with him, I know that he has thought long and hard
about this application and has sought to address/understand all of the potential attack
vectors. Compared to human-generated passwords, this would be vastly more secure and
dramatically improve the user experience of logging in. It might even entice new or old
editors to login and give it a try and thus re-engage them in editing. I'm also
certain it could generate a fair bit of buzz as people learn they can use their smartphone
to login to Wikipedia.
I hope you'll consider working with Isaac. I'll point him to this thread so he
knows it is here. I know he'd love to see this implemented in Wikipedia.
Don
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l