The Need For Semi-Login For Websites
My Gmail ID was hacked. Most probably it happened at the cyber cafe where I had gone to surf the internet. Some prankster might have installed a keylogger or something. Thankfully, the email ID I used at the cafe was not important. But the issue of security made me ponder a solution for such situations, where we are forced to rely on others to secure their computers and networks.
The only thing I could think of is semi-login. How about making a provision for logging in with limited powers and access? This is similar to Linux computers, where we are encouraged not to log in with full administrative powers. But instead of having different usernames, we could have only different passwords. The password entered in the password box should decide whether the user wants a full login or a semi-login. This will spare users the hassle of remembering many usernames.
For example, suppose "xyz@gmail.com" has the main password "qwerty" and the semi-login password "asdf". When logging in to the service, if the user enters the username "xyz@gmail.com" and the password "asdf", then the service provider must know that the user wants to log in using semi-login. Alternatively, we can provide an option button that the user selects if he wants to use the semi-login functionality, so that the service provider is notified about it.
Consider the situation for a Gmail account. Google has conquered our online world. It is the login for our email, AdWords, AdSense and shopping accounts, and it is also used as a username for third-party services like PayPal. If for some reason the Gmail account is compromised, then all the other accounts are also in peril. All this could happen just because we wanted to check a friend's email forward or a newsletter. The solution is to have something like semi-login. When logged in using semi-login, we must only have access to the emails that the user, while in full login, has pre-decided should be shown.
That is, the user can decide which emails, and which senders' emails, can be accessed in semi-login. The user can easily make the "funny" mails, mail forwards and newsletters, i.e. the unimportant stuff, accessible via semi-login. In semi-login he cannot access other mails or change any account information. The user can decide what can be accessed and modified in semi-login: which mails he can read and which mails he can reply to.
Also, in AdSense or PayPal we can use semi-login to check today's earnings and nothing else. No inside data like channels or previous earnings, and no account access, only the figure that lets the user know how much he has earned today. Even if the semi-login password is compromised, the hacker can only access the unimportant mails.
The advantage of a semi-login password is that the user can use the same semi-login password for all his online accounts, as it won't make much difference if this password becomes known to someone else. As his main passwords will be different from the semi-login password, as well as from each other, the hacker cannot cause any damage. For example, suppose the main password for "xyz@gmail.com" is "qwerty" and for "xyz@hotmail.com" is "zxcvbn"; then we can use one semi-login password, "asdfg", for both accounts. However, online services must enforce policies to safeguard the main password, like not allowing the semi-login password to be a substring of the main password, etc.
Edit: Unimportant mails would include newsletters, etc. You can also mark any email you receive as unimportant. Also, you can filter incoming mails from friends who send email forwards, etc. Of course, the obvious problem is what happens if that friend sends an important email. However, most people usually have different email accounts for sending and receiving important emails and for leisure purposes like sending forwards.
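
A minimal sketch of the scheme described in this post, added here as an example and not code from the post or from any mail provider: the password entered selects a "full" or "semi" scope, the substring policy is enforced when the passwords are set, and the semi scope only sees mail from senders chosen in a full login. The class and function names, the PBKDF2 parameters and the sample inbox are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

# Constructed sample inbox; addresses are placeholders.
INBOX = [
    {"from": "newsletter@example.com", "subject": "Weekly digest"},
    {"from": "bank@example.com", "subject": "Your statement"},
]

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class Account:
    """One username, two passwords: the password entered selects the scope."""

    def __init__(self, main_pw, semi_pw, semi_senders):
        # Policy from the post: the semi password must not be a substring of
        # the main one (compared case-insensitively here, a stricter choice).
        # Only hashes are stored, so the check needs both plaintexts and has
        # to run while the user is supplying the main password.
        if semi_pw.lower() in main_pw.lower():
            raise ValueError("semi-login password is contained in the main password")
        self.main_salt, self.semi_salt = os.urandom(16), os.urandom(16)
        self.main_hash = _hash(main_pw, self.main_salt)
        self.semi_hash = _hash(semi_pw, self.semi_salt)
        self.semi_senders = set(semi_senders)  # chosen during a full login

    def login(self, password):
        """Return "full", "semi", or None for a wrong password."""
        # Both comparisons always run, so timing does not show which matched.
        is_main = hmac.compare_digest(_hash(password, self.main_salt), self.main_hash)
        is_semi = hmac.compare_digest(_hash(password, self.semi_salt), self.semi_hash)
        return "full" if is_main else "semi" if is_semi else None

def visible_mail(account, scope, inbox):
    """Messages a session with this scope may read."""
    if scope == "full":
        return list(inbox)
    if scope == "semi":
        return [m for m in inbox if m["from"] in account.semi_senders]
    return []

def can_change_settings(scope):
    # Account changes, including the semi-login sender list, need a full login.
    return scope == "full"
```

Because the service keeps only hashes, the substring policy cannot be re-checked later from stored data; a change to either password has to be made in a full login with both values supplied.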