Temporary Password
The concept is not new, but for some reason it is not popular. And the problem or at least the inconvenience is.
The second day I suffer, logging in web interfaces of the home and working mail, on Habré and so forth resources, being in the "untrusted" place. No one guarantees the absence of a banal keylogger there. But the problem of distrust is solved quite simply.
Why not provide in the control panel the ability to create a temporary password?
')
In the simplest case: the user knows that sometimes he will go to the resource from work, from friends or another computer. It logs in with its main, master password and creates an additional one-time password, which is no longer valid after the first use. That is, just press the exit button or close the browser and it becomes invalid and any keyloggers or observant comrades remain in the span.
In addition, you can screw the functionality. For example, organize support for several one-time passwords or use passwords with a given expiration date instead of one-time.
So why such, I think, the actual problem, which has a fairly simple solution, remains without it?
The second day I suffer, logging in web interfaces of the home and working mail, on Habré and so forth resources, being in the "untrusted" place. No one guarantees the absence of a banal keylogger there. But the problem of distrust is solved quite simply.
Why not provide in the control panel the ability to create a temporary password?
')
In the simplest case: the user knows that sometimes he will go to the resource from work, from friends or another computer. It logs in with its main, master password and creates an additional one-time password, which is no longer valid after the first use. That is, just press the exit button or close the browser and it becomes invalid and any keyloggers or observant comrades remain in the span.
In addition, you can screw the functionality. For example, organize support for several one-time passwords or use passwords with a given expiration date instead of one-time.
So why such, I think, the actual problem, which has a fairly simple solution, remains without it?
Source: https://habr.com/ru/post/23156/
All Articles