Posted on May 30, 2017 by Mathijs Brand
A seamless solution between mobile and web. I heard people talk about that years ago. This was the future a few years ago. Today, I still read blogs, listen to podcasts and radio shows about using secure passwords. That you shouldn't use words from a dictionary. That you should change them often. That some companies are hacked, so you should keep up to date with which ones those are and update your passwords accordingly. And that a password manager is a good idea. But really? Should a consumer really need a PhD in security to be safe? At Onegini we hate this. Our customers hate it. It's not a solution. And it can be so much easier, nicer and more secure. Think your organization is not ready for this? Give us a call, I'm sure we can help you out.
But Onegini also did login with push?
Yes. Onegini MSP also provides a way to log in to your website with your mobile phone using a notification. A simple message pops up, you click accept, maybe enter a PIN code or use your fingerprint, and you're in. It's really up to you or your customers which option is best. Some people don't like push. Some mobile cameras don't work anymore. You can easily provide both, as can be seen in our demo.
Below you get an impression of the flow. The QR code contains a one-time password (OTP) that is generated by the token server. The mobile security platform knows which user scans the code and validates the tokens. Then the token server notifies the portal that the user can log in.
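The flow described above can be sketched in a few lines. This is an added example, not Onegini's code or API: the `TokenServer` class, its method names, the 60-second lifetime and the single-use rule are all assumptions made for illustration.

```python
import secrets
import time

OTP_TTL_SECONDS = 60  # assumed lifetime; the post does not state one


class TokenServer:
    """Hypothetical stand-in for the token server in the flow above."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}    # otp -> (portal session id, expiry time)
        self._logged_in = {}  # portal session id -> user id

    def start_login(self, session_id):
        """Portal requests an OTP to render as a QR code for one browser session."""
        otp = secrets.token_urlsafe(32)  # unguessable value from the OS CSPRNG
        self._pending[otp] = (session_id, self._clock() + OTP_TTL_SECONDS)
        return otp

    def redeem(self, otp, user_id):
        """Called by the mobile platform, which has already authenticated user_id."""
        entry = self._pending.pop(otp, None)  # pop makes the OTP single use
        if entry is None:
            return False                      # unknown or already redeemed
        session_id, expiry = entry
        if self._clock() > expiry:
            return False                      # QR code was shown too long ago
        self._logged_in[session_id] = user_id  # "notify the portal"
        return True

    def session_user(self, session_id):
        """Portal checks whether its own session has been approved, and for whom."""
        return self._logged_in.get(session_id)


def demo():
    now = [0.0]  # constructed clock so expiry can be shown without sleeping
    server = TokenServer(clock=lambda: now[0])
    otp = server.start_login("browser-session-A")
    results = {"first_scan": server.redeem(otp, "alice"),
               "second_scan": server.redeem(otp, "bob"),
               "portal_sees": server.session_user("browser-session-A")}
    stale = server.start_login("browser-session-B")
    now[0] += OTP_TTL_SECONDS + 1
    results["expired_scan"] = server.redeem(stale, "alice")
    results["session_b"] = server.session_user("browser-session-B")
    return results


if __name__ == "__main__":
    print(demo())
```

The OTP only ever unlocks the browser session it was issued for, and the user identity comes from the already authenticated mobile app, never from the QR code itself.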
I like technical details!
- iOS SDK on Mobile Authentication OTP
- Android SDK on Mobile Authentication OTP
- Token server docs on OTP