rejetto forum

One time password (OTP)


schneijo
Is there a possibility to use one time passwords (or users)?
I think this would be a great feature


rejetto
There's no such feature, and you are the first one asking.
Describe how you imagine it would be (by the user side).


bacter

rejetto
slightly related.
with OTP you have lots of passwords on the same user.


schneijo
The steps shown in "password generating logic" would be a big effort.

But I think of an easier scenario:
1) I create a specific down/upload folder (and user account/password)
2) Then I send this information to the customer.
3) After the access at any time the password is implicitly reset

Effort for me:
- I don't have to analyse the logfiles a.s.a.p/online
- I know that the files in the folders cannot be read/uploaded twice, or the account information cannot be used by colleagues,...
- I can read/clean the folder offline(!), knowing that no one can reread/reaccess the files from outside
- After the "cleaning" of the folder it can be reused with a new password for a next customer ...


jack_2000
"one time passwords" can be implemented another way.
Add a TTL (time to live) for a password. If it's -1 (default) it will last forever.
If it's > 0 then the timer will tick away, until it reaches 0 and then the password will be deleted.

Also (I'm not very good with programming) can another program, on the same machine, talk to hfs and tell it what to do as if it would be you entering the passwords from the menu?

Can it work this way?


Foggy
That is possible by the command line, but I can't be bothered to look up how. Just look in the wiki under command line parameters.


rejetto
that's not what i thought you were asking.
Indeed with such name in computers there's another meaning.
http://en.wikipedia.org/wiki/One_time_password

What you are asking is not hard to make. There's a problem about how to count. Since we are not using cookies/sessions, password is actually used tens of times every time. We may eventually count using a timeout.

Anyway, the counter would disable the account. I think this is the best action.

It's in the to-do-list now.
« Last Edit: December 19, 2007, 05:01:04 PM by rejetto »
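
The counting problem described in the post above, as an added example (not HFS code and not written by anyone in this thread): without sessions the password arrives with every request, so requests inside a fixed time window are grouped into one "visit" and the account is disabled once the visit budget is spent. The class, method and field names and the sample timestamps are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    password: str
    max_visits: int = 1                   # visits allowed before the account is disabled
    window: float = 300.0                 # seconds after a visit starts that still count as that visit
    visits: int = 0
    visit_start: Optional[float] = None
    enabled: bool = True


class LimitedAccounts:
    """Hypothetical store of use-limited accounts (names are assumptions)."""

    def __init__(self):
        self.accounts = {}

    def add(self, user, password, max_visits=1, window=300.0):
        self.accounts[user] = Account(password, max_visits, window)

    def authorize(self, user, password, now):
        """Return True if this request may proceed; `now` is a timestamp in seconds."""
        acct = self.accounts.get(user)
        if acct is None or not acct.enabled:
            return False
        # Constant-time comparison; failed guesses never consume a visit.
        if not hmac.compare_digest(acct.password.encode(), password.encode()):
            return False
        # The window is measured from the first request of the visit, not the
        # latest one, so a client cannot extend a visit by polling.
        in_visit = acct.visit_start is not None and now - acct.visit_start <= acct.window
        if not in_visit:
            if acct.visits >= acct.max_visits:
                acct.enabled = False      # budget spent: disable, as the post suggests
                return False
            acct.visits += 1
            acct.visit_start = now
        return True


if __name__ == "__main__":
    store = LimitedAccounts()
    store.add("customer", "constructed-password", max_visits=1, window=60)
    # Constructed request times: a burst of page/file requests, then a late retry.
    for t in (0, 1, 2, 30, 61):
        print(t, store.authorize("customer", "constructed-password", now=t))
```

Disabling the account rather than deleting it leaves the folder and account entry in place for offline cleanup and later reuse with a new password.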


MarkV
So it's in fact 'time limited accounts'. You could even say 'deactivate this account after X downloads/after Y uploads'.
http://worldipv6launch.org - The world is different now.