[pmwiki-users] One time passwords, anyone?
Oliver Betz
list_ob at gmx.net
Fri Aug 21 13:39:39 CDT 2015
Petko Yotov wrote:
[...]
>> With challenge/response systems, you need a suitable password
>> generator on your mobile device.
>
>Actually this can be easier/simpler: the wiki generates a one-time
>password, stores in a server session file, and sends it via e-mail or
>SMS to the user. The user has not left the wiki page (to keep the
>session id), checks her e-mail or SMS and types the one-time password.
nice idea! E-Mail is cheap as long as the user has web access with his
mobile device. SMS is more complicated to achieve.
Using the session data, I don't need to deal with a local storage for
a OTP sequence counter.
[...]
>Note that some hosting providers offer a "shared" ssl server to access
>to your site, with a different address like
I just asked my provider whether there is such a generic access to the
web pages.
[...]
>Now, if one has to write a module sending a one-time-password via
>e-mail, once again, your e-mail client should connect to the e-mail
>server via an encrypted connection (ssl/tls). Most e-mail providers
>allow such connections. If the connection to the e-mail servers is not
most providers /force/ it these days, so no problem here.
Oliver
--
Oliver Betz, Munich http://oliverbetz.de/
More information about the pmwiki-users
mailing list