Temporary PIN authentication mechanism for a Jabber server
May 17, 2014 11:34 AM
Is there a way to add temporary PIN authentication in order to add a contact in Jabber (to a server running ejabberd)?
Essentially I don't want to expose the underlying user id for a user but want a temporary PIN generated by the user to be added as an authentication mechanism for another user to add the user with this pin. Similar to two-factor authentication, except the PIN is the only factor in this case (and only to add the user - where the real user id remains hidden). The PIN expires every 30 seconds.
Example:
A asks server to generate a PIN, A gets PIN and shows it on the screen.
B reads off screen on phone owned by A and punches it in.
The server allows the B and A to be on each other's buddy list.
Even if not using ejabberd as a Jabber server but using another platform, does a solution like this exist for self-hosted/cloud-hosted Jabber?
Essentially I don't want to expose the underlying user id for a user but want a temporary PIN generated by the user to be added as an authentication mechanism for another user to add the user with this pin. Similar to two-factor authentication, except the PIN is the only factor in this case (and only to add the user - where the real user id remains hidden). The PIN expires every 30 seconds.
Example:
A asks server to generate a PIN, A gets PIN and shows it on the screen.
B reads off screen on phone owned by A and punches it in.
The server allows the B and A to be on each other's buddy list.
Even if not using ejabberd as a Jabber server but using another platform, does a solution like this exist for self-hosted/cloud-hosted Jabber?
This thread is closed to new comments.