This is really interesting. You know, there are some banks in Hong Kong use two-stage authentication, because they can first check whether you are the valid user in the system (even they are not telling you they know you lie), and ask you to provide the password and some other information on the second stage, e.g. birthday, a token generated by a digital key, whatever you would like to.
Please do put the changes you made on wiki and share with us. Thanks, Harry Stephen Nelson-3 wrote: > > Hi, > > We've made some changes to the CAS application which allows a two-stage > authentication process. i.e. A user enters some identifiable information ( > e.g. username) and a second screen asks for password characters at > specified > positions. If this second step is correct the user is successfully > authenticated. > > We had a requirement to make this change as the majority of SSO > applications > are single step and request username and password to authenticate. > > Is this sort of modification of the CAS code useful to be committed back? > I > am not certain that it could be included as a plugin/module as it changes > some of the key login flows. > > Many thanks > > Stephen > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- View this message in context: http://www.nabble.com/Two-step-authentication-tf4574456.html#a13063267 Sent from the CAS Users mailing list archive at Nabble.com. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
