Nice idea, but most users hate inputting a password/drawing on the screen to unlock it. So if you lose your phone or it gets stolen, all your credentials are lost and in the hands of an unknkown attacker. Also, phones tend to break during day-to-day usage (beverage spills, falls from desks).
While these problems were mentioned on the design page, I have another scenario: colleague comes over to your desk, swaps your phone with his so you don't notice immediately, pranks you on Facebook or Wikipedia and then swaps the phone back. Marco On Tue, Oct 18, 2011 at 4:51 AM, <[email protected]> wrote: > I originally posted this idea on G+ and Arthur Richards suggested I > cross-post it here. My friend, Isaac Potoczny-Jones is a computer security > professional. He developed a new authentication schema that layers on top of > existing technologies and leverages a user's smartphone and QRCodes to > improve authentication usability, eliminate human-generated passwords, and > further improve security by separating the authentication channel from the > login session. He's calling this capability "Animate Login" and as part of > the proof of concept, he developed a MediaWiki implementation. I believe > the Wikimedia foundation should pursue adding this technique as part of the > primary login options for it's projects. I would personally love to be able > to just point my phone at the login screen and have the system log me in to > Wikipedia without having to type anything or remember complex passwords. > Wikimedia has worked hard to consolidate logins across the many projects over > the last couple years and this would be a great way of providing seamless > login. It should be very low overhead and relatively easy to implement. > Isaac is very interested in seeing his tool put to use on Wikipedia. > Wikimedia could lead the way to improved authentication that also vastly > improves the user experience! > > Isaac explains the project in some detail on this Google Plus post: > https://plus.google.com/u/0/112702172838704084335/posts/B9UR2zzDY3f?hl=en > > His landing page for the project is here: > http://animate-innovations.com/content/animate-login > > The website has videos, links to a MediaWiki instance where its in use and > more. > > From the conversations I've had with him, I know that he has thought long and > hard about this application and has sought to address/understand all of the > potential attack vectors. Compared to human-generated passwords, this would > be vastly more secure and dramatically improve the user experience of logging > in. It might even entice new or old editors to login and give it a try and > thus re-engage them in editing. I'm also certain it could generate a fair > bit of buzz as people learn they can use their smartphone to login to > Wikipedia. > > I hope you'll consider working with Isaac. I'll point him to this thread so > he knows it is here. I know he'd love to see this implemented in Wikipedia. > > Don > > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
