High security logins

104 views
Skip to first unread message

Peter Lord

unread,
May 8, 2017, 4:38:28 AM5/8/17
to mooltipass
I think I know the answer to this, but worth asking all the same :-)

Do we have a solution for high security logins ?  For example :
  • Prompted for individual ( and random ) characters of your password rather than the whole ?  For example, on https://www1.firstdirect.com for the me the page contains the text "Please enter the 1st, 4th and penultimate characters from your electronic password, and the answer to your question."
  • Prompt for secondary information - For example, on https://www.fundingcircle.com has two pages - the first is usual username/password, the second is a security question
  • One time passwords such as google authenticator, first direct, pingid etc. 

Many thanks,

Pete

mathieu...@gmail.com

unread,
May 8, 2017, 4:42:49 AM5/8/17
to Peter Lord, mooltipass
Hello Peter,

1) Wow... that's quite an odd request... I'm afraid we don't have any solution for it now
2) It's in our todo list to use the description field of a given credential for that purpose
3) That will be for either a 2FA only version of the mini or a future mooltipass! If you have some spare time, contributors are welcome!

Mathieu

--
You received this message because you are subscribed to the Google Groups "mooltipass" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+unsubscribe@googlegroups.com.
To post to this group, send email to moolt...@googlegroups.com.
Visit this group at https://groups.google.com/group/mooltipass.
For more options, visit https://groups.google.com/d/optout.

Peter Lord

unread,
May 8, 2017, 5:01:13 AM5/8/17
to mooltipass, plo...@googlemail.com


On Monday, May 8, 2017 at 9:42:49 AM UTC+1, Mathieu Stephan wrote:
Hello Peter,

1) Wow... that's quite an odd request... I'm afraid we don't have any solution for it now

Okay thanks.

Another example I have is nationwide bank - https://onlinebanking.nationwide.co.uk/AccessManagement/Login.  If you choose to login with "memorable data" you need to supply customer number, memorable data and 3 digits from passnumber.  This page you can play with without actually having a UK bankaccount.


 
2) It's in our todo list to use the description field of a given credential for that purpose

Great thanks :-)

 
3) That will be for either a 2FA only version of the mini or a future mooltipass! If you have some spare time, contributors are welcome!


Thanks again ( just found some previous posts on this )


 

Mathieu

On Mon, May 8, 2017 at 10:38 AM, 'Peter Lord' via mooltipass <moolt...@googlegroups.com> wrote:
I think I know the answer to this, but worth asking all the same :-)

Do we have a solution for high security logins ?  For example :
  • Prompted for individual ( and random ) characters of your password rather than the whole ?  For example, on https://www1.firstdirect.com for the me the page contains the text "Please enter the 1st, 4th and penultimate characters from your electronic password, and the answer to your question."
  • Prompt for secondary information - For example, on https://www.fundingcircle.com has two pages - the first is usual username/password, the second is a security question
  • One time passwords such as google authenticator, first direct, pingid etc. 

Many thanks,

Pete

--
You received this message because you are subscribed to the Google Groups "mooltipass" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+...@googlegroups.com.

Alan Rickayzen

unread,
Jun 23, 2017, 1:47:27 AM6/23/17
to mooltipass, plo...@googlemail.com


1) Wow... that's quite an odd request... I'm afraid we don't have any solution for it now


Just to add that this method is becoming common in online banking. I also have to use this method with another site. A partial but good solution would be to allow the password on the Mooltipass to display. This keeps it secure (no transfer to the pc).

BTW: What is the justification for only displaying the password on the Mooltipass when it is connected to a dumb power source but not to a pc?
All the best,
Alan 

mathieu...@gmail.com

unread,
Jun 23, 2017, 1:56:43 AM6/23/17
to Alan Rickayzen, Peter Lord, mooltipass
We simply didn't think of that use case at the time :/

--
You received this message because you are subscribed to the Google Groups "mooltipass" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+unsubscribe@googlegroups.com.

Alan Rickayzen

unread,
Jun 23, 2017, 1:59:33 AM6/23/17
to mooltipass, alan...@gmail.com, plo...@googlemail.com
Fair enough :)


On Friday, 23 June 2017 07:56:43 UTC+2, Mathieu Stephan wrote:
We simply didn't think of that use case at the time :/
On Jun 23, 2017 7:47 AM, "Alan Rickayzen" <alan...@gmail.com> wrote:


1) Wow... that's quite an odd request... I'm afraid we don't have any solution for it now


Just to add that this method is becoming common in online banking. I also have to use this method with another site. A partial but good solution would be to allow the password on the Mooltipass to display. This keeps it secure (no transfer to the pc).

BTW: What is the justification for only displaying the password on the Mooltipass when it is connected to a dumb power source but not to a pc?
All the best,
Alan 

--
You received this message because you are subscribed to the Google Groups "mooltipass" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages