My 2 Factor Authentication System

[indicasteve]

Hi folks!

I've been working on an idea to provide an inexpensive 2 factor authentication system to websites.

Websites can hook into the APIs to easily provide a card based second layer of authentication.

The APIs and more info can be found here: https://go2fac.appspot.com

It's easier to show how it works than to explain it, so I made an open source PHP/MySQL login system that uses the APIs.  That site can be found here: http://174.5.169.52/go2fac

Since I wrote it all by hand, there might still be some bugs and things are still a little rough around the edges, but you can get a good idea what it's all about.

I know there are a lot of skilled programmers around here and I'm looking for your input to improve the API services and the security of the sample PHP code. 

Maybe the whole idea of using a card based authentication is crap...idk.  But I'm interested to hear your thoughts.

Thanks guys!

Steve



 

[1713526986]

1713526986

[1713526986]

1713526986

[1713526986]

1713526986

[indicasteve]

hmm..over 60 views to my thread here and no replies from the peanut gallery?

I'm either doing something right, or doing something wrong I guess.

But, I will try and make it easy....

I made an account on my website at http://174.5.169.52/go2fac.

Let's pretend that my database got dumped and my username is steven and the password is also steven   All lower case.

Can you log into my account?  If you can, I'll give you a bitcoin or a hug or something. 

The code is all open, so maybe you can find a vulnerability?

Your comments and questions are always welcome!

Cheers!

[indicasteve]

I'd like to take some time and thank everyone who has helped me with this project so far.

I would like to give a special thanks to my girlfriend who has been keeping my friends company while I have been busy at my desk 'playing on my computer'.   She says she loves me so it must be true even though all my friends wear the same shade of lipstick as she does.  Go figure?

I would like to give a special thanks to my mom who leaves a tray of left-over food at the top of the basement stairs every Tuesday and Friday evenings.  Your cooking is the best mom!

I would also like to take a moment and thank my dad who kicks the tray of food down the stairs and yells, "When the fuck are you going to pick up this shit and get a haircut and get a real job you bum?"  Dad, your words of wisdom and encouragement will always inspire me.

Finally, I would also like to thank my government for all their help and support with education, business and economic development programs made available to people like me.   Without your assistance I would not be able to flounder in such a glorious cesspool of debt and misopportunity.

Due to the extreme volume of enquirers to this thread, I may not be able to respond in a timely manor.  Please send any additional messages to my automated personal assistant.

Most Sincerely,

Steve

[Bitbird]

Nice work! And great humor!

[Raoul Duke]

WalletBit uses the same type of system, but instead of using it for 2 factor auth it uses the "Secure Card" to authorize transactions, instead of using the account password. You might want to have a look at it and I dunno, maybe exchnage some ideas with Kris.

And no, it's not a crap idea, banks use it all the time.

Also, you might want to move your thread to the Project Development forum https://bitcointalk.org/index.php?board=12.0 which is probably the best place for this thread. You'll get more replies there than on the Off-Topic section... or not...

[btc_artist]

Nice work!  On a practical note, decoding the six shapes seems to take too long in my opinion.  It just seems like too much work, which means users are not going to like it.