boyle / 2018-measure-stress

Using machine learning to investigate sympathetic activation of the autonomic nervous system (SAANS) during the treatment of mild traumatic brain injury, chronic pain, and post-traumatic stress disorder.

Local Authentication #2

Closed fcharih closed 5 years ago

fcharih commented 5 years ago

Problem: Local authentication should be supported. Clinicians should be able to authenticate even if the network is down.

fcharih commented 5 years ago

Additional comment: Clinicians should be prompted to periodically confirm their identity. Two options for this:

  1. Fingerprint (if supported by the device)
  2. A 4-digit PIN

boyle commented 5 years ago

Answer: The application on the tablet sees the user name and password in clear text. It can store them locally (salted and hashed), and allow login if the server is unavailable.

A password reset/change at the webserver still needs to be handled at the first opportunity, so the app should check in with the server and clear the local password hash if authentication to the server fails with the current password.

Password hash logic:

  1. If authentication to the server fails but the local check succeeded, clear local password hash, return to login page with error.
  2. If authentication to the server succeeds, update the local password hash.
  3. If authentication to the server is unavailable (timeout, not found, no dns), check local hash and allow login if match
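The three cases above as an added example, not code from this project: `LocalAuthCache`, `ServerUnavailable`, the PBKDF2 parameters and the `server_auth` callback are assumptions of the example, chosen to show how the local salted hash is stored, refreshed and cleared.

```python
import hashlib
import hmac
import os


class ServerUnavailable(Exception):
    """Raised when the web server cannot be reached (timeout, not found, no DNS)."""


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2-HMAC-SHA256; algorithm and iteration count are an assumption here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class LocalAuthCache:
    """Per-user salted password hashes kept on the tablet for offline login."""

    def __init__(self):
        self._store = {}  # username -> (salt, hash)

    def update(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._store[username] = (salt, hash_password(password, salt))

    def clear(self, username: str) -> None:
        self._store.pop(username, None)

    def check(self, username: str, password: str) -> bool:
        entry = self._store.get(username)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, hash_password(password, salt))


def login(username: str, password: str, cache: LocalAuthCache, server_auth) -> bool:
    """server_auth(user, pw) returns True/False, or raises ServerUnavailable."""
    local_ok = cache.check(username, password)
    try:
        server_ok = server_auth(username, password)
    except ServerUnavailable:
        # Case 3: server unreachable, so the local hash decides.
        return local_ok
    if server_ok:
        # Case 2: server accepted, refresh the local hash (picks up password changes).
        cache.update(username, password)
        return True
    if local_ok:
        # Case 1: server rejected a password the cache still accepts, so drop the stale hash.
        cache.clear(username)
    return False
```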