AdaHeads / call-flow-control

Call-information flow server.

Plain user login with tokens instead of OpenID #94

Closed ThomasLocke closed 10 years ago

ThomasLocke commented 11 years ago

Since we (Responsum) made the switch to Google Apps for our e-mail / file sharing needs, we've learned one important lesson: Maintaining users with proper passwords is a huge pain.

It's actually so much of a pain, that I've had to create a secret file with all the users and passwords in it. Why? Because my users simply cannot remember their own passwords, and constantly resetting them is a pain in the neck.

People forget their passwords, primarily because I don't allow them to use their normal password of 123secret or abc123 or other similar horrors.

So that got me thinking: If we make the switch to a Snom hardware telephone, then we're going to need some method of coupling a Bob user login to a specific telephone. @rostgaard suggested a challenge/response system, where Bob provided the user with a pin code and the user would then match a telephone to his/her session by entering the pin code on any given telephone.

At first I didn't like that very much, as it seemed to me that we forced the user to do a double login every single day, but then it dawned on me: How about using that pin code / token as the password for the user? That way we could eliminate the need for OpenID logins for plain users.

We win on several fronts:

  1. Coupling a telephone to a user is taken care of.
  2. A user can log in to the system, even if the OpenID provider is down.
  3. Improved usability for administrators - no need to create external Google/whatever accounts for plain users.
  4. Improved usability for users - no need to remember passwords. @TrineLocke likes this one a lot. :)

Perhaps with a bit of effort, we could also use the pin code / token system for administrative users, and let go of the OpenID login completely? It would allow us to remove a rather large blob of code from Alice. Just a thought.

What do you guys think?

rostgaard commented 11 years ago

:+1:

sparre commented 11 years ago

To me this sounds like falling back to password-based login, but I suppose you mean something else?

PedersenThomas commented 11 years ago

I think @ThomasLocke means that the pin code is a dynamically generated code, which is never used twice. So nothing to remember for the agent.

sparre commented 11 years ago

How would that let us authenticate the users?

ThomasLocke commented 11 years ago

@sparre well, it wouldn't, but since every single call is recorded, it's pretty hard for me to pose as Trine, so the question is: Does authentication matter for plain users?

Granted I'm not totally convinced that authentication doesn't matter, which of course is why I ended the initial post with a question to you all. :)

rostgaard commented 10 years ago

Challenge/response is already outlined in #100 and #101, so let's close this discussion and keep the "do-the-implementation" issues.