Re: Security Ideas for new App I'm Building?

On Jul 30, 11:26 pm, comph...@xxxxxxxxx (Todd H.) wrote:
tekiegreg <codeswee...@xxxxxxxxxxxxx> writes:
Hi there, I'm currently a developer hired out to a multi-unit
franchisee in the Fast Food industry. Currently I'm building an
application that will be deployed to all our stores. Each store will
be running an application that will be connecting to a central server
here at the home office. Logins of some sort will be needed for each
store manager, but how to login has been a problem. The main issue
has been that the store managers have had a nasty tendency in the
past
to share usernames/passwords with people in the store that they
shouldn't, compromising security. So a standard user/pass won't do
necessarily. Our thoughts have already run as follows:

1) What about fingerprints? We've tried that, but had problems with
them in the past with greasy smudges on people's fingers proving
difficult for the scanners to authenticate properly.

2) Voice recognition? Nope, too much background noise in these stores
(and seeing as it's fairly constant and loud, often anyone gets in!)

3) Video recognnition? Is it good enough yet? Reasonably priced as
well?

So in a nutshell, what would you be thinking about?

Three words: Terms of employment.

You're attempting to throw a technology solution at a problem that is
better handled with an administrative control.

In short, train the managers that if they disclose their username/pass
to anyone, it's extremely serious, and they can be fired. Have them
recertify to this policy on a regular basis.

If they still don't comply, best to find out in the trenches why it's
so inconvenient for them to comply.

This may not work for your situation, but it's one avenue that
deserves some contemplation. 2 factor auth is somewhat expensive and
has downfalls as you cite.

--
Todd H.http://www.toddh.net/- Hide quoted text -

- Show quoted text -

Yup. They sign a formal document that states they can be fired for
sharing log ons, and you enforce it.
Don't even *think* about voice or video recognition, this is such a
dumb idea.
I'd suggest you use smartcard authentication and have them wear their
smartcards attached to their ID badge.

Ric

.

Relevant Pages

  • Re: Oddest Pesachdik food?
    ... Each year I'm increasingly amazed at what they've whipped up for Passover. ... I sent off an email after the local store manager never followed up ... I apologize for the mishap on the name. ... neither did the store manager. ...
    (soc.culture.jewish.moderated)
  • Re: Who Do You Think You Are? LIVE at Olympia
    ... An alternative is to ask the store manager if he would lend you his ... the safety corridors are impassable. ... They can't risk media with cameras to prove the obstruction ...
    (soc.genealogy.britain)
  • Re: Security Ideas for new App Im Building?
    ... store manager, but how to login has been a problem. ... You're attempting to throw a technology solution at a problem that is ... recertify to this policy on a regular basis. ...
    (comp.security.misc)
  • Re: OT: More Wal-Mart trying to become a Target...
    ... >>I'm not saying it's right, but as a former store manager, the reason ... >>store payroll at a certain percentage. ... >>long checkout lines, not the store manager. ... > My local Walmart has removed the "8 or fewer items" checkout. ...
    (alt.fashion)
  • Assulted by store security
    ... He grabbed me by my coat and wrist and we were kind of grappling outside the store. ... He said somethin glike "you hit me and I'll smash you one" so I was yelling at him "let me go you little shit" and the shouting escallated from there. ... An off duty police officer came along and broke up the tusssle and said that he was within his rights to detain me. ... Anyway, I was in a hurry to get back to my client, and went with the store manager to an office and let him open my bag and showed him the receipt. ...
    (uk.legal)