Generate one-time passwords with Google Authenticator App and validate them in Real Studio
Issue: 10.4 (May/June 2012)
Author: Mattias Sandström (msa-at-tangix.com)
Article Length (in bytes): 17,332
Starting Page Number: 40
RBD Number: 10407
project10407.zip Updated: Wednesday, May 2, 2012 at 11:36 AM
Related Link(s): None
Known Limitations: None
Excerpt of article text...
I hate static passwords! I cringe when I hear people using the same password for several systems, especially if they are static. In a previous article (RBD 7.5, July/August 2009) I looked at how to implement the Yubikey two-factor authentication, which avoids static passwords but requires some kind of authentication service to be present. In this article I will describe another two-factor authentication system that does not rely on an authentication service but instead can handle the authentication locally.
My personal crusade for non-static passwords continues with a look at how to implement the HMAC-Based One-Time Password algorithm (or HOTP for short) together with the Google Authenticator smartphone app. A typical application for HOTP is login to systems where authentication beyond a username and password combination is required, either for security or practical reasons.
Example of one-time-password systems
As an example, imagine a point-of-sale system where, for speed and convenience, a clerk is able to open the register using a simple PIN. A PIN is perfect for the clerk because it is fast, but it can easily be seen and remembered by an unauthorized person. However, the clerk's access level to the system is most likely limited and the PIN can only be used for the daily operations. Let us now add a manager with complete access to the system – do we want him to access all of the administrative functions just using a simple PIN? The answer is most likely no, and a possible solution would be to let the manager use a static PIN followed by a non-static HOTP – a basic two-factor authentication solution.
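The manager login described above (a static PIN followed by an HOTP) can be validated locally along the following lines. This is an added Python example, not code from the article or its Real Studio project; the function names, the PBKDF2 PIN storage, the look-ahead window of 3 and the sample PIN and salt are assumptions, and the secret is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_pin(pin: str, salt: bytes) -> bytes:
    """Store the static PIN as a salted PBKDF2 hash (assumed storage scheme)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def verify_login(entry, salt, pin_hash, secret, counter, window=3, digits=6):
    """Validate 'PIN followed by HOTP'. Returns (accepted, counter_to_store)."""
    if not (entry.isascii() and entry.isdigit()) or len(entry) <= digits:
        return False, counter
    pin, otp = entry[:-digits], entry[-digits:]
    pin_ok = hmac.compare_digest(hash_pin(pin, salt), pin_hash)
    matched = None
    # Look ahead a few counters: the phone may have generated codes never submitted.
    for c in range(counter, counter + window + 1):
        if matched is None and hmac.compare_digest(hotp(secret, c, digits), otp):
            matched = c
    if pin_ok and matched is not None:
        return True, matched + 1                 # advance past the used code: no replay
    return False, counter                        # caller should also rate-limit failures

# Constructed sample data: RFC 4226 test key, made-up PIN and salt.
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
PIN_HASH = hash_pin("4921", SALT)

if __name__ == "__main__":
    entry = "4921" + hotp(SECRET, 1)             # phone is one code ahead of the server
    ok, stored = verify_login(entry, SALT, PIN_HASH, SECRET, counter=0)
    print(ok, stored)
    print(verify_login(entry, SALT, PIN_HASH, SECRET, counter=stored))
```

The stored counter only moves forward on a full success, so a code that was accepted once is rejected when submitted again.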
...End of Excerpt. Please purchase the magazine to read the full article.
Article copyrighted by REALbasic Developer magazine. All rights reserved.