I am thinking of using a QR code to login to a website. This way a user doesn't have to enter a user id/password.
users goes to a website.
the website need autorisation.
the website present a QR code.
the user scans the QR code with his/her phone.
Somehow the originating website gets confirmation that the QR code was scanned by a known phone.
Now the website knows the user and the user is logged in.
This is safe because the phone is known to the site.
If needed the user can protect the phone with a PIN code or other locking system.
Does anybody know if somebody has already build such a system?
Some code would be nice :-)
When logging in to a site, the web server sends the
PC browser a QR code that encodes a cryptographic challenge; the user
takes a picture of the QR code with his cell phone camera which re-
sults in a cryptographic response sent to the server; the web server then
logs the PC browser in.
Excerpt from: Secure, Consumer-Friendly Web Authentication
and Payments with a Phone
The have some real code too: https://github.com/Mobisocial/Snap2Pass
Because there are some challenges with sending data from the server to the waiting client, i.e. the page that showed the QR code we made www.qrpu.sh
This will just make some of the infrastructure easier, but the logic of the authentication is the same as in the answer from pods
It's a bit old discussion but I was looking for a solution to this kind of problem and I found this:
qrlogin
Related
I have no experience with this and I'm in need of major help. I have a word press website that I am trying to connect a gmail account to. So that the contact form gets sent to a gmail address. I got it all set up and it is telling me I need verification. This is only being used for my word press website. Probably very few users, not a business. Can I get around the verification process or not?
You would need an OAuth Consent Screen for your Project.
You can refer to this blog post on how you can connect a Gmail account on your Wordpress site
I have read the functions docs and the authentication codes on the firebase website, but I have no clue if it will be secure or not. I've read the whole of this doc: https://firebase.google.com/docs/auth/custom-email-handler
They seem to do all the verification on the website but I can't find the verifyPasswordResetCode(actionCode) function in the node.js doc so what way would you go around this?
Basically, if the user forgets their password/needs to verify their email I want the user to go to my website (I've already configured the custom action URL that is sent when the user requests to reset their email to go to 'mywebsite.com/auth/action/.../'. I know that the my front end (IOS App) needs to verify the code and then In my functions (that's hosted on my website) I need to reset their password, but how would I securely transfer information from the email to my app, to my website with the function to reset their password with the action code. Or can I do it all on my website instead of where they input their new password on the website? I'm guessing using dynamic links?
Thanks,
Nathan
This question is not language specific.
I want to send my username and password as soon I get logged off from the captive portal because many people are using an admin ID (infinite data benefits) in my college and I want to send the http POST packet asap.
So I want to run a piece of code which runs infinitely (as long as I am online) send the username and password and I have absolutely no clue of how to go about it, is there a batch file that I can run? or something else I haven't the slightest clue.
This is a simple python automation problem. Try this:
How I created a Python Bot to automatically log into a Captive Portal by Ritvik Khanna https://medium.com/p/how-i-created-a-python-bot-to-automatically-log-into-a-captive-portal-3d4ba04dee9f
I'd very much like a qr code that does the following thing when being scanned, e.g. with a camera on the new IOS 11:
Go to a specific website
Enter login information on that website, including username and password. It should not press the actual login button.
As far as I understand scanning a QR code basically mimics the keyboard, as such I'd assume this to be possible. However, the websites I use to generate a QR code can only generate one for a website, and I am not able to find anyone who have tried this problem before.
I thought that a potential way to do this would be to keep everything in the URL string and then redirect it to a script that automatically parses information into the login boxes, depending on the URL string. However, to be frank I am fairly lost on this.
Any and all help is appreciated.
QR codes do not mimic the keyboard. They contain data. When you scan a QR code, it may have a URL in it, such as http://example.com. Your phone then automatically opens this URL in your web browser. Therefore, it is not possible to embed username and password data into a QR code which can be used on any website.
Also, this would create a huge security risk as anyone could scan the QR code and get your login details!
As pointed out by the comments, it is technically possible to put the username and password in the url, or even to embed an OAuth token, but this would be like sticking your front door keys to your front door.
You can do exactly this way....
eg: http://domainname.com/getAuth.php?id=1234
That will read the id from DB and get user and password and redirect to another page with username and password in result page. So we do not need to pass credentials over url.
But it should be separate QR codes anyway...
Without any security risk you can do it.
In your QR, you need to mention a ID related to your user AUTH.
NOTE: It will work on scenarios like Wi-fi cards etc...since it will be personal/unique to buyer.
i'm making a scraper system... it's a challange by my teacher.
The idea is make a mobile app to do and store a class register, this way make possible to the teacher do your job into your smartphone and upload this data later.
We dont have access to college system, but we are imagining this scenario:
The App receive the data like Username and Password through your own graphic interface and make a login request to College WebSite simulating a human user.
The problem is know how to pass the login data by POST into the system... because the URL doesn't show the parameter entries like:
http://website.com/login.php?name=user
I'm looking for some idea... that help me to see the login parameters used in the browser request on the login process, after that i wanna try to loggin into the system by using URL parameters if possible or some other way.
the website is:
https://www.sigacentropaulasouza.com.br/fatec/login.aspx
UPDATED!!!
i'd a firebug installation into my browser and i saw something interesting in the Network Console of this plugin:
In the header, i saw something like:
Refer = https://www.sigacentropaulasouza.com.br/fatec/login.aspx?MyUserName,MyPassWord
so... i've trying to access my profile page by passing this URL into my browser.
Without Success!
I think... because this page uses the HTTPS probably?!
Any idea?