bwssytems / domuslink

web-based frontend for Heyu
http://domus.link.co.pt/

Password protection #8

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
An idea here:

Have the main screen protected by a pin pad layout which would enable
family members to login either on a touch screen tablet, a pc with mouse
clicks, or an iphone. From there protect the settings area with a regular
password for the home's 'HA administrator' so family members don't tamper
with it.

The main pin pad layout would also include a disarm button for quick access
when walking in or out of the house which would run 'heyu disarm' and also
unlock the gui, and also an Enter button to enter the GUI without the
disarm functionality.

When 'arming' from within the gui, it would 'logout' and put users at the
pin pad screen.

While the arm/disarm button and functionality could be added at a later
date, I feel that it would be easy to switch from password input to pin pad
input and make it into version 1.1

Original issue reported on code.google.com by brandtda...@gmail.com on 4 Mar 2010 at 9:55

GoogleCodeExporter commented 9 years ago
Since pin-pad input would only be numeric, this would not be as safe for guis
which are facing the entire internet (like mine)...maybe some other sort of
quick keyboard-less authentication can be used.

Original comment by brandtda...@gmail.com on 4 Mar 2010 at 10:00

GoogleCodeExporter commented 9 years ago
Maybe there is a way to detect if the connection is coming from the local
network, or the external interface (wan)?

Original comment by brandtda...@gmail.com on 11 Mar 2010 at 8:03

GoogleCodeExporter commented 9 years ago
What if you have an alpha-numeric password? I suppose a switch or alternate pin
password could be added.

Original comment by bwsamuels@gmail.com on 30 Mar 2010 at 1:26

GoogleCodeExporter commented 9 years ago
Part of this will come through the REST API. New UIs will be able to use the
HTTP basic auth.

Original comment by bwsamuels@gmail.com on 19 Jan 2011 at 1:54

GoogleCodeExporter commented 9 years ago
Ok, I have an idea to take advantage of the BasicAuth in http.

We can have username/password sets with different access levels.

For PIN layouts, I think we can set types to have different PINs for different
access levels.

This will remove the login screen for domus on the default screen and access
the browser's login popup.

We would have to come up with a new theme to do PIN auth.

Thoughts?

Brad

Original comment by bwsamuels@gmail.com on 11 Feb 2011 at 3:22

GoogleCodeExporter commented 9 years ago
I don't think pin pad layouts are as important for the interface used from the
computer. More important for mobile device access.

Different access levels are not really necessary. I just feel it would be easier
and faster to get into the system, to do something like arm or disarm, on a
mobile device with a pin pad rather than typing in a password.

Original comment by brandtda...@gmail.com on 11 Feb 2011 at 5:26

GoogleCodeExporter commented 9 years ago
I agree with where the pin pad would be used and it is related to the theme.
But the underlying guts of the mechanism need to be multi-user, as for PIN type
authentication you may want different access levels with different PINs. The
same would be true for username/password. Also, we can tie access to a specific
alias to security levels. That way you can have users that only get to lights,
but not appliances like the irrigation or thermostat.

I would like to propose this:

username/password || PIN is always required, currently there is a "no security"
setting and we will have to do away with that.
These are tied to a security level -
0 = admin level - all access
1 = macro/timer/trigger and upload access
2 = allow starting of heyu but not stop and control of any aliases
3 - n = assignable to aliases and then limits control based on login.

example:

username = admin
password = xyz
security level = 0
This user can control or modify any setting and control all aliases

username = alt_admin
password = def
security level = 1
This user can modify trigger/macros/timers, start/stop, arm/disarm and control all aliases

username = jon_doe
password = qwerty
security level = 2
This user can control all aliases, start heyu if needed, arm/disarm, but no admin functions

username = jane_pane
password = poiuy
security level = 3
This user can only control aliases assigned level 3 and above

PIN = 123456
security level = 2
This user can start/stop/arm/disarm and control all aliases

PIN = 5678
security level = 5
This user can only control aliases of level 5 or above

Original comment by bwsamuels@gmail.com on 12 Feb 2011 at 4:48

GoogleCodeExporter commented 9 years ago
I will add another item to my above description. 

For a username/password or PIN entry, the security level can be set to "must
equal" or "equal to or greater". This solves an idea listed in the home
security issue 32.

Original comment by bwsamuels@gmail.com on 12 Feb 2011 at 5:00
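
The level scheme proposed in the two comments above, sketched as an added example; it is not domus.link's code, which does not appear on this page. It assumes lower numbers mean more privilege, that the match mode only affects alias checks for levels 3..n, and that an alias with no assigned level is reachable only by levels 0-2; the alias names and their levels are constructed.

```python
from dataclasses import dataclass
from typing import Optional

ADMIN, AUTOMATION, OPERATOR = 0, 1, 2  # fixed levels named in the proposal
FIRST_ALIAS_LEVEL = 3                  # levels 3..n are assignable to aliases


@dataclass(frozen=True)
class Credential:
    level: int
    exact: bool = False  # True: "must equal"; False: "equal to or greater"


def can_change_settings(cred: Credential) -> bool:
    return cred.level == ADMIN


def can_edit_automation(cred: Credential) -> bool:
    # macros, timers, triggers and uploads: levels 0 and 1
    return 0 <= cred.level <= AUTOMATION


def can_control_alias(cred: Credential, alias_level: Optional[int]) -> bool:
    if cred.level < 0:
        return False  # malformed level: fail closed
    if cred.level <= OPERATOR:
        return True   # levels 0-2 control every alias
    if alias_level is None or alias_level < FIRST_ALIAS_LEVEL:
        return False  # assumption: unassigned aliases stay with levels 0-2
    if cred.exact:
        return alias_level == cred.level
    return alias_level >= cred.level


def reachable(cred: Credential, aliases: dict) -> list:
    return sorted(n for n, lvl in aliases.items() if can_control_alias(cred, lvl))


# Constructed alias table (hypothetical names and levels, not from the project).
ALIASES = {"porch_light": 3, "irrigation": 5, "thermostat": None}

if __name__ == "__main__":
    for name, cred in [("jon_doe", Credential(2)), ("jane_pane", Credential(3)),
                       ("jane_pane exact", Credential(3, exact=True)),
                       ("PIN level 5", Credential(5))]:
        print(name, reachable(cred, ALIASES))
```

In "equal to or greater" mode a level 3 login reaches every alias numbered 3 or higher, so giving an alias a larger number widens its audience rather than narrowing it; the "must equal" mode is what isolates an alias to a single level.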

GoogleCodeExporter commented 9 years ago
This has been implemented with the new multi user/pin control in the new 2beta6.

Original comment by bwsamuels@gmail.com on 21 Feb 2011 at 1:54

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r834.

Original comment by bwsamuels@gmail.com on 23 Feb 2011 at 3:58