Authorization without the ability to pass the username / password to another

0 like 0 dislike
22 views
Please tell me how you can implement something like this.
There is a database that you access through a web interface. Task: to log in, roughly speaking, "signed" by users if one user wants to send the password to another, then he will not be able to use it. The binding to IP is unrealistic, because dyn. Sending to the client confirmation code text how with a unique code and with a certain client ID (roughly a piece of idnt. session), is also not an option, you can also forward. There's only one option authorization via etoken. But really so paranoid?
by | 22 views

7 Answers

0 like 0 dislike
Can be enough to prohibit simultaneous operation of multiple users under one login? Then the "geeks" who can be themselves without access. Often such a lack.
by
0 like 0 dislike
All versions can be avoided. How secure is this system?
by
0 like 0 dislike
Technically the simplest way is to bind to the mail user. Every login is sent a unique link to confirm. Of course, the user can every time to send another this link, or give the password to your email.
\r
Social ways to make the bind password information that the user does not want to share with others (what it could be — depends on the category of users).
\r
Apparently, to clarify the method it is necessary to clarify the conditions in which it is used, what user restrictions still imposed. Because no one bothers one person to enter a password and put behind the computer of another person — will not help the reference to the token/computer, and even authentication chip in the right hand.
\r
So the only biometric authentication is the iris that is performed continuously during the entire session and allow access only from a special room where guards monitored the entrance one by one.
by
0 like 0 dislike
To use certificates. As light.webmoney.ru/login.aspx?ReturnUrl=/default.aspx the X. 509 certificate.
by
0 like 0 dislike
And token delivery. You can issue certificates marked as non-exportable (win only), but also no one bothers to clone the system at the block level.
by
0 like 0 dislike
binding mac address, but do not talk about it))
by
0 like 0 dislike
The system is a "black list" with the purchase of end-user key at the time of its use, with the ability to add list items.
by
110,608 questions
257,186 answers
0 comments
28,882 users