There are 2 options here when you use this method. (It depends on phone model; some models can only have a software-based keystore, and that is not as secure as hardware-based key storage.) Am I right and would this therefore be a bad way to approach software piracy or website content protection? Either, you can use Android Keystore System to generate a key inside Secure Storage, such that the private key is either very hard or impossible to extract. It seems from what I have read so far that if he copies that QR code to all his friends and family (screenshot and send it or whatever way) and they also simply scan it on their Google Authenticator application, then they will have the same access as he does. My problem comes in with that QR code (or code he types in) that is created when linking my service to his Google Authenticator app the first time. Since sending SMSs (that should go to only one device) becomes rather expensive, I was hoping that the Google Authenticator app would be a cheaper option since it happens on his device, to ensure it's the same person who logs into the website. IP address, device type, location, etc. is not a great way to authenticate him since I want him to be able to log in at any computer or from any mobile device provided he is present there himself when doing so. The problem with that is that one person can subscribe and give his username + password to everyone he wishes and all can then get free access. It currently uses a normal username and password authentication. The services I offer on it are of a word-games nature so it really doesn't need serious banking "Fort Knox" type encryption, and it is therefore very basic user authentication security I need. I have a commercial website where people pay to use the services on it.