WebApp Sec mailing list archives
Multi-factor login authentication schemes including password recovery
From: steve wright <steviewr1ght () yahoo com>
Date: Thu, 7 Oct 2004 14:45:04 -0700 (PDT)
Hello!

I need to design a web application that incorporates a layered password login page, since I cannot use client-side certificates etc. for this project but need to beef up the usual password/username scheme.

Are there any good whitepapers that describe such a web application scheme, including the registration process, where the user would need to provide a passphrase to be used as a shared secret in the authentication process? To complement this, a secure password recovery process is also needed.

Something along the lines of what many internet banks do these days: username and password, then redirection to a new page asking for 3 random characters from your passphrase, plus a secure "forgot your password" process to go with it.

Any pointers to resources which detail such a scheme with some nice process flows would be highly appreciated...

What I have found so far on the net described some of the above in a fragmented and incomplete manner. I have yet to find a comprehensive guide/whitepaper that does a good job of covering all aspects, including mapping out the required processes...

- SW
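The second login step described in the message above (three random characters of the passphrase, asked for after username and password succeed), as an added example that is not part of the original post. The class and constant names, the lockout threshold and the in-memory store are assumptions; it goes slightly beyond the post by keeping the same positions until they are answered correctly, so reloading the page cannot be used to fish for convenient positions.

```python
import hmac
import secrets

CHALLENGE_SIZE = 3   # characters requested per login, as in the post
MAX_FAILURES = 3     # assumed lockout threshold (not from the post)


class PartialPassphraseStep:
    """Second login step; call it only after username/password succeeded."""

    def __init__(self, passphrases):
        # Constructed in-memory store. Checking single characters needs the
        # passphrase in recoverable form (encrypt it at rest); a one-way hash
        # of the whole passphrase cannot answer this kind of challenge.
        self._passphrases = dict(passphrases)
        self._challenge = {}   # user -> positions still waiting for an answer
        self._failures = {}    # user -> consecutive wrong answers

    def _locked(self, user):
        return self._failures.get(user, 0) >= MAX_FAILURES

    def issue(self, user):
        """Return the 1-based positions to ask for, reusing any open challenge."""
        if self._locked(user):
            raise PermissionError("passphrase step locked; use the recovery process")
        if user not in self._challenge:
            length = len(self._passphrases[user])  # registration must enforce >= 3
            rng = secrets.SystemRandom()           # OS CSPRNG, not random.random()
            self._challenge[user] = sorted(rng.sample(range(1, length + 1), CHALLENGE_SIZE))
        return list(self._challenge[user])

    def verify(self, user, answer):
        """Compare the typed characters, in position order, in constant time."""
        positions = self._challenge.get(user)
        if positions is None or self._locked(user):
            return False
        phrase = self._passphrases[user]
        expected = "".join(phrase[p - 1] for p in positions)
        ok = hmac.compare_digest(expected.encode(), answer.encode())
        if ok:
            del self._challenge[user]   # next login gets fresh positions
            self._failures[user] = 0
        else:
            self._failures[user] = self._failures.get(user, 0) + 1
        return ok
```

Once the failure limit is reached the step refuses both new challenges and answers, which is the point where the "forgot your password" process has to take over.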