[pmwiki-users] One time passwords, anyone?

Oliver Betz list_ob at gmx.net
Fri Aug 21 13:39:39 CDT 2015


Petko Yotov wrote:

[...]

>> With challenge/response systems, you need a suitable password
>> generator on your mobile device.
>
>Actually this can be easier/simpler: the wiki generates a one-time 
>password, stores it in a server session file, and sends it via e-mail or 
>SMS to the user. The user has not left the wiki page (to keep the 
>session id), checks her e-mail or SMS and types the one-time password.

Nice idea! E-Mail is cheap as long as the user has web access with his
mobile device. SMS is more complicated to achieve.

Using the session data, I don't need to deal with a local storage for
an OTP sequence counter.

[...]

>Note that some hosting providers offer a "shared" ssl server to access 
>your site, with a different address like 

I just asked my provider whether there is such a generic access to the
web pages.

[...]

>Now, if one has to write a module sending a one-time-password via 
>e-mail, once again, your e-mail client should connect to the e-mail 
>server via an encrypted connection (ssl/tls). Most e-mail providers 
>allow such connections. If the connection to the e-mail servers is not 

Most providers /force/ it these days, so no problem here.

Oliver
-- 
Oliver Betz, Munich http://oliverbetz.de/
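
The session-bound one-time password flow discussed in this thread, as an added example that is not part of the original message and is not PmWiki code. The function names, the 10-minute lifetime, the 5-attempt limit and the plain array standing in for $_SESSION are assumptions made for illustration.

```php
<?php
// Added illustration only; names and limits below are assumptions.
const OTP_TTL = 600;       // seconds an issued code stays valid
const OTP_MAX_TRIES = 5;   // wrong guesses allowed before the code is discarded

// Generate a code, bind it to the session, return it for delivery by e-mail/SMS.
function otp_issue(array &$session, int $now): string {
    // random_int() draws from the OS CSPRNG; rand()/mt_rand() are predictable.
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $session['otp'] = [
        // Hash so the code is not in the session file in the clear. With only
        // 10^6 values the hash can be brute-forced; expiry and the try limit
        // are the real controls.
        'hash'    => hash('sha256', $code),
        'expires' => $now + OTP_TTL,
        'tries'   => 0,
    ];
    return $code;
}

// Check a submitted code against the session. A code is accepted at most once.
function otp_verify(array &$session, string $input, int $now): bool {
    if (!isset($session['otp'])) {
        return false;                       // nothing issued, or already used
    }
    if ($now > $session['otp']['expires']
        || $session['otp']['tries'] >= OTP_MAX_TRIES) {
        unset($session['otp']);             // expired or guessed too often
        return false;
    }
    $session['otp']['tries']++;
    // hash_equals() compares in constant time.
    $ok = hash_equals($session['otp']['hash'], hash('sha256', trim($input)));
    if ($ok) {
        unset($session['otp']);             // single use: a replay must fail
    }
    return $ok;
}

// Constructed demo, runnable from the CLI.
$session = [];                              // stands in for $_SESSION
$now  = time();
$code = otp_issue($session, $now);          // the wiki would e-mail $code here
var_dump(otp_verify($session, 'not-the-code', $now));  // wrong guess
var_dump(otp_verify($session, $code, $now));           // correct code
var_dump(otp_verify($session, $code, $now));           // same code replayed
```

Because the code lives only in the session, no per-user sequence counter has to be stored, which is the point made above; the session cookie itself then has to be protected in transit.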



