Feature

HOTP Authentication

Generate one-time passwords with Google Authenticator App and validate them in Real Studio

Issue: 10.4 (May/June 2012)
Author: Mattias Sandström (msa-at-tangix.com)
Article Description: No description available.
Article Length (in bytes): 17,332
Starting Page Number: 40
RBD Number: 10407
Resource File(s):

project10407.zip Updated: Wednesday, May 2, 2012 at 11:36 AM

Related Link(s): None
Known Limitations: None

Excerpt of article text...

I hate static passwords! I cringe when I hear of people using the same password for several systems, especially if they are static. In a previous article (RBD 7.5, July/August 2009) I looked at how to implement the Yubikey two-factor authentication that avoids static passwords but requires some kind of authentication service to be present. In this article I will describe another two-factor authentication system that does not rely on an authentication service but instead can handle the authentication locally.

My personal crusade for non-static passwords continues with a look at how to implement the HMAC-Based One-Time Password algorithm (or HOTP for short) together with the Google Authenticator smartphone app. A typical application for HOTP is login to systems where authentication beyond a username and password combination is required, either for security or practical reasons.

Example of one-time-password systems

As an example, imagine a point-of-sale system where, for speed and convenience, a clerk is able to open the register using a simple PIN. A PIN is perfect for the clerk for speed reasons, but it can easily be seen and remembered by an unauthorized person. However, the clerk's access level to the system is most likely limited and the PIN can only be used for the daily operations. Let us now add a manager with complete access to the system – do we want him to access all of the administrative functions just using a simple PIN? The answer is most likely no, and a possible solution would be to let the manager use a static PIN followed by a non-static HOTP – a basic two-factor authentication solution.

...End of Excerpt. Please purchase the magazine to read the full article.
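The manager login sketched in the excerpt (a static PIN followed by an HOTP code), as an added Python example; it is not code from the article or its Real Studio project. It follows RFC 4226 and goes beyond the excerpt by adding a counter look-ahead window and a failure limit; the `ManagerLogin` class, its parameters and the sample PIN used to exercise it are assumptions, and the secret is the RFC's published test key.

```python
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class ManagerLogin:
    """Hypothetical local verifier for an entry of the form PIN + HOTP code."""

    def __init__(self, pin, secret, counter=0, window=3, max_failures=5):
        self.salt = os.urandom(16)
        self.pin_hash = self._hash(pin)          # the PIN itself is not stored
        self.secret, self.counter = secret, counter
        self.window, self.max_failures = window, max_failures
        self.failures = 0

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def verify(self, entry: str, digits: int = 6) -> bool:
        if self.failures >= self.max_failures:   # throttle guessing
            return False
        pin, code = entry[:-digits], entry[-digits:]
        pin_ok = hmac.compare_digest(self._hash(pin), self.pin_hash)
        # Look ahead: the token's counter advances each time a code is
        # generated, even when that code is never submitted.
        for c in range(self.counter, self.counter + self.window + 1):
            expected = hotp(self.secret, c, digits)
            if hmac.compare_digest(code.encode(), expected.encode()):
                if pin_ok:
                    self.counter = c + 1         # accepted codes cannot replay
                    self.failures = 0
                    return True
                break
        self.failures += 1
        return False


# Constructed sample data: the RFC 4226 Appendix D test secret.
SECRET = b"12345678901234567890"
```

The server-side counter only moves forward on success, so a captured PIN and code are useless once accepted; the window trades a little guessing resistance for tolerance of unused codes.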

Article copyrighted by REALbasic Developer magazine. All rights reserved.


 

