Posted by u/anon115 2 years ago
Ask HN: Better Alternatives Than Passwords?
I'm not talking about no password manager or auth either, something more seamless.
mooreds · 2 years ago
It would be worth talking more about the problem you are trying to solve. What do you want to authenticate to? What issues do you have with passwords?

That will probably help the community help you.

swagasaurus-rex · 2 years ago
Just send your users a login link to their email.

If you go with passwords, you already have a risk vector for resetting passwords. Skip the password and the reset.

Make the login link expire after 10 minutes so the attackers only have a short window.
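
An added sketch of the expiring login link suggested in the comment above; it is not code from the thread. Beyond the 10-minute expiry it also makes each link single-use and stores only a hash of the token; the in-memory store, the `app.example` host and all names are assumptions.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlparse

TTL_SECONDS = 600  # the 10-minute window from the comment


class MagicLinks:
    """Pending login links, kept in memory (assumption; use a DB in practice)."""

    def __init__(self, ttl=TTL_SECONDS, clock=time.time):
        self.ttl = ttl
        self.clock = clock          # injectable so expiry can be tested
        self._pending = {}          # sha256(token) -> (email, expires_at)

    def issue(self, email):
        # 32 random bytes: unguessable, so the link itself is the credential.
        token = secrets.token_urlsafe(32)
        # Store only the hash, so a leaked table holds no usable links.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (email, self.clock() + self.ttl)
        return f"https://app.example/login?token={token}"  # placeholder host

    def redeem(self, token):
        """Return the email the link was issued to, or None if invalid."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        # pop() removes the entry on first use, so a replayed link fails.
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None
        email, expires_at = entry
        if self.clock() > expires_at:
            return None             # expired: the window has closed
        return email


def token_from_url(url):
    """Extract the token query parameter from a link built by issue()."""
    return parse_qs(urlparse(url).query)["token"][0]
```
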


wruza · 2 years ago
I love it when you send me a link and it doesn’t deliver.
robcohen · 2 years ago
Passkeys. You're looking for passkeys.
anon115 · 2 years ago
I'm looking for brain storage ingrained like your social security card.... or a simple image key..
k8svet · 2 years ago
I'm sorry, but you're clearly not bothering to think this through or... Idk.
j3d · 2 years ago
Steve Gibson invented something you may like: Simple Quick Reliable Login https://www.grc.com/sqrl/sqrl.htm


solardev · 2 years ago
Choose from some combination of:

* Something you know (memorizing a password, PIN, whatever)

* Something you are (biometrics)

* Something you have (2FA, passkeys, OTP keys)

I think all three have been done in various combinations, and each has its pros and cons. Of those, I personally find Passkeys to be the easiest to use, especially with a password manager that can sync across devices.

anon115 · 2 years ago
I was thinking the user having an image act as a password/key. ---then locking the key to said devices only acting like 2FA ------voice login??? ---------if the user is say from Los Angeles their passcode only works here ---passcode but with images interchanging passwords that the user can custom set. -----having the user record their room with their face in it and a simple phrase like banana' oranges' apples'.
al_borland · 2 years ago
Here is an experience I have had…

I’m on vacation in a city hundreds of miles from home. My plane ticket is on my phone. I drop my phone and break it, needing a new one. How do I get logged back in on my new phone, to get access to my ticket, so I can catch my flight home?

In my particular situation, 2FA was forced upon me by Apple some time earlier. Through dumb luck, I happened to bring an iPad on my trip which I was able to use for 2FA to get logged back in and get home. If I hadn’t brought a 2nd device, or wasn’t in my home locations (with the setup you mention), what do I do?

A lot of people have a phone as their only device these days. 2FA, or location-dependent 2FA seems really bad. I don’t know how people recover when a primary, or their only, device is lost/broken?

I have since set up a recovery key with Apple. I’m planning a trip in a couple weeks. I’m thinking I need to write down my recovery key and keep it in a money belt, so if something goes wrong I have a way to get at my data, so I can get home. But is the average user going to do any of that? No way. This all seems like a huge risk.

toomuchtodo · 2 years ago
You present an ID at the airport to have your boarding pass printed for you. No phone required.
anon115 · 2 years ago
--passcode with a specific time of day you have set which a maze appears but you have the choice of holding down + swiping + holding down again + swiping in order to activate said maze super recommended because hardly anyone has seen you do this at least physically (inform the user to set this up in a private place by themselves only with absolutely no one looking) ---this appears as an everyday passcode interface and only the user knows they can do this >>>time logged off??? on our side we can tell how much time your login you have been inactive, if I was Apple for example I would check for active internet connection/any sort of activity ping. this tells us something's up.. only accordance to you tho upon successful login details.

>>>pinged last phone battery 0%? oki >>>zero signs of activity? on all logged in devices?yes? oki >>>last time of signs of phone activity on all devices? device 1, 2:00pm device 2 5:00pm device 3 10:00pm?+++prompt the user someone is trying to login from out of oh hey but the user usually goes to sleep around this time...... account for that too...

+++360 video selfie of yourself with saying your simple phrase? super manual... has to be reviewed by a human. super anti-AI >>you got a new phone should be no problem right?*** +++time specific passcode:: time sensitive lets say the user picks 12:05pm to 12:10pm on their time the UI matches this with the time whatever country they're in. >>>if the user doesn't login in their phone within the last 72 hours something maybe less idk >>>as for the keys you're right is not seamless how about a passcode interface that ---how many times do people go about not** bringing their phones vs breaking their phones on another country? ----prompt what country they're going to? ----ping the user on all logged in devices with activity that someone's trying to log in. I think Google and Amazon already uses this called 'OTP' they send it over to your email (mind you, you have to be logged in your email) ---lets check off all of these first and then give you this option. kinda thing -----an idea of a wireless SSD ring auth comes to mind for super auth purposes scenarios like this only. vs having to write down what recovery key. but this is super specific scenario... I too have encountered 2FA like... when my phone battery died. I was trying to login on the library computer... maybe prompting the user of simple 4 digit number combo before the phone dies? 2 image combo out of 9 images presented at front?

anon115 · 2 years ago
hell shit even only allow the users to view new emails from today,yesterday and before after only? and reply? i mean what do you need to do exactly anyways. access to your bank account? meow dats an entire different problem... much bigger problem.. view tickets???? only hell yeah that could work... hmm meowidk

have a button appear which allows restricted access only...

anon115 · 2 years ago
----https://www.youtube.com/watch?v=w1xmwN_XoJ4 super mario bros login -------users can take a 360 video of their room and them in it while saying a phrase [informing them: a room which they are frequently in but no one else has access to (like your apartment)] lol
anon115 · 2 years ago
another preliminary to pass ---is there simultaneous activity going on different devices?
warrenm · 2 years ago
"My voice is my passport, verify me"
c_o_n_v_e_x · 2 years ago
What are you trying to authenticate? A machine? A human?
bedits · 2 years ago
Using methods like email or SMS magic links, QR codes, or biometrics instead of passwords.