Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Human-Friendly Kiosk Passwords #556

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

NoRePercussions
Copy link
Contributor

It is a lot easier for someone to enter 16 characters of base64 than 64 characters of hex, for kiosks that cannot be deployed by an automated platform. This is just as secure.

It is a lot easier for someone to enter 16 characters of base64
than 64 characters of hex, for kiosks that cannot be deployed by
an automated platform. This is just as secure.
@DaAwesomeP
Copy link
Member

So the way it was designed for the techroom tablet (which I don't know where that ended up) is that this password is stored in an HTML file for a browser in kiosk mode. This HTML file logs in the user by going to a login URL. That way it logs itself in at boot but the user never sees or types the key.

If this is for the TV in techroom (which is not locked in a kiosk mode), then this authentication scheme is not the right one because someone could easily find and copy this key and take it elsewhere. For the case of a shared machine (not dissimilar to SM box, etc.) short-lived user sessions may make more sense? Or maybe we need IP address filtering.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants