[imp] IMP Security Idea
Jon Poland
polandj at monkey.org
Tue Jul 6 16:19:51 PDT 2004
Hi,
One thing I've always hated about webmail is I tend to check it from
machines I don't trust. You walk into a webcafe in Mexico, the computers
are wide open and allow any software to be installed. But you need to
check email to get some info, do you take your chances with keyboard
sniffers and such?
How about this: augment the login screen with a click based PIN. I've
attached a screenshot. Proper login requires both a password and proper
PIN. The location and size of the buttons is random(to defeat mouse
capture devices), but always in the same order (to not annoy the user).
I applied this against IMP 3.2 and am trying to gauge interest. I'd be
happy to provide a tar of my dir, or possibly diffs. It needs more work,
but is fully implemented (users can change their PIN via the web).
- JP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ss.png
Type: application/octet-stream
Size: 25295 bytes
Desc:
Url : http://lists.horde.org/archives/imp/attachments/20040706/b7e1f9ca/ss-0001.obj
More information about the imp
mailing list