Despite suggesting many projects for Open Hack Day, and mulling over many more, I had a brainwave while driving down south last night. I was listening to pod casts thinking about logging in more securely on public computers, and then the ideal project sprung in to my head. Why don’t we create a hardware security key based around a simple micro controller that adds another variable authentication factor. This way even if a key logger gets your password they can not log in.
We have technology like the PayPal security key, and you can use this with Verisign Labs Personal Identity Portal and OpenID to log in to your serice. There is also a decent open paper based solutions with Perfect Paper Passcards.
I can see several potential deliverables in this project.
* The hardware
A device that gives the user a set of letters to type in to log in. The number needs to change (obviously) but this can be done using time, a sequence (by pressing a button), or some feedback from the computer. I am keen to look at visually transmitting data to this device from the PC screen using just light. The hardware will have a shared secret with the server.
* The mobile app
Same as the hardware, but implemented in code on a mobile phone.
* The client libraries
The code that indirectly interacts with the hardware.
* The example implementation
An OpenID server that uses the client libraries allowing users to log in to any service using the hardware.
So that is it. Do you want to help?
Delicious
Flickr
Google Plus
Hackaday
Instructables
Lanyrd
Twitter
YouTube
Facebook
Geocaching
