Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
i v n i n seeks n e t o

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


       

Onetime password enabler

When you have to give away your password to someone
  (-3)
(-3)
  [vote for,
against]

You enter the site via onetimepw.com, mark the site(s) that you want to allow someone to get into some day. When the day comes, give it the email of the person who should log in, and mark the check-boxes for the sites you allow them.

They get an email that links back to onetimepw.com and shows them your site. They can do everything except change your password.

For pay onetimepw could restrict the actions of the user entering via the onetimepw.

Its halfbakery here, the unbaked part is getting the pw over to the site without anybody sniffing it.

pashute, Mar 24 2010


Please log in.
If you're not logged in, you can see what this page looks like, but you will not be able to add anything.



Annotation:







       So this is for when you want someone else to access your account on some site? I can't think of an occasion when I've ever wanted to do that, but never mind... Then, as I understand it, you'd give an intermediary, or 'proxy' site your password and tell it to admit someone with a certain email address. This would fail, not only because (as you point out), you can't easily transport your password securely to the proxy site (actually this problem is quite solvable), but also because anyone could spoof the email address used for access, and also, providing your password for a website to the proxy site would almost certainly contravene the terms and conditions of the website which that password is for. [-]
hippo, Mar 24 2010
  

       A better way would be to have these one-time passwords integrated into each website. After the user with the one-time password is logged out, a new OTP is randomly assigned to the account.   

       // I can't think of an occasion when I've ever wanted to do that, but never mind... //   

       What if you're in a remote location with telephone access but no internet?
Alx_xlA, Sep 27 2010
  

       Good case [Alx]!   

       Also when you want to allow a friend to edit a file for you, or you want to give an offshore worker the possibility to use a paid service that you have access to, but wish to limit it for now. Or when you have a group of people you give access to an FTP site, but only have a user/pw for the site, and not an administrator pw (and of course this too is limited).   

       As opposed to you, hippo, I had this need many times.   

       Perhaps I was not clear. The email they get has a link back to the site with a token. So it cannot be spoofed easily. In any case an extra confirmation- email step could be used for this.   

       Looking at the idea a second time: There should not be a problem getting the pw over to the site. It would be simple proxy with SSL.   

       The site's code would have to be open source, so that you can rest assured that no-one at OTP will ever know your bank password.
pashute, Oct 04 2010
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle