Tuesday, September 8, 2009

Dear Lazyweb, here's an idea:

Talking to some friends about wanting safer logins, it seems that a cellphone with a camera could be a good challenge/response device, like so:

1) sit down to log into your desktop as normal
2) enter your username
- the response is a 2D barcode 'challenge' with an entry field for the response
3) use your cellphone to take a picture or 'scan' in the barcode.
- cellphone generates the correct response (presumably your key is in the cellphone software already)
4) type in the code that your cellphone generates as the response

Kind of like OPIE stuff or those RSA keyfobs, but slightly more general since the above is mostly an I/O method and says nothing about the encryption used.

No comments: