How can one make a web-site accessible only when someone has a dongle?

懵懂的女人 提交于 2019-11-30 08:40:52

You may be interested in the Yubikey.

It's a small usb dongle that acts as a usb keyboard (i.e. needs no special drivers or client software) and is designed exactly for this sort of authentication.

You could use RSA SecurID tokens, which are little keychain displays that change the number displayed every one minute. In addition to requiring the username and password, you can also require them to enter the number they see on their token to verify they have the hardware device with them. There are various hardware dongles, with some even requiring a PIN to be entered to see the changing number. The is extra complexity on the server side, but the client doesn't have too much trouble.

I've also used the Yubikey with good results. Another similar solution is the Swekey - you might want to check that out also.

I've had good results implementing website authentication and login using Dinkey Dongles and the DinkeyWeb system.

The user plugs the usb security dongle into their machine, visits your "protected" web page and it validates the dongle before loading the page. Works without special permissions or privileges.

Hope it helps.

It's going to require something that has the rights to access the dongle. There is also the issue of hacking it--the communications aren't going to be able to be hidden so you have to make sure it doesn't matter. That means the dongle is going to have to implement it's own crpyto. You'll also need support for whatever systems you are going to support.

I see this getting very complex very fast.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!