I'm looking to write an app that disallows some of the password login options (picture pw or pin) at certain moments - for myself and security reasons.
Any ideas how one would go about finding the APIs to use that can be run when the computer is locked and disallow a specific login option ?
I checked all classes under Windows.Security.Authentication, Windows.System.UserProfile, and Windows.System.Profile, but didn't see anything to toggle those login options. There are method to set the bg pic under Windows.System.UserProfile.LockScreen, but that isn't what i'm looking for - just the ability to toggle the picture pw and pin options.
If you want to alter the login process I believe you have to implement your own custom credential provider. There is a sample in the Windows SDK on how to do this.
You can find more info on MSDN.
Related
Im working on an app that requires a PIN to allow certain tasks (purchasing, dealing with credit cards, etc). I would like to add the ability to use biometrics.
I want to be able to ask for permission to use the biometrics without actually authenticating anything the first time.
for example, the flow would be as follows:
- user logs in
creates a PIN
App asks if they would like to use biometrics in the future
next time when PIN is required, authentication prompt appears.
the current flow:
user logs in
creates a PIN
App asks if they would like to use biometrics in the
future
next time when PIN is required, OS prompt appears asking if
user is ok with app using biometrics.
THEN
authentication prompt appears.
Ive played around with react-native-touch-id, react-native-biometrics and a few others.
I know i could have it triggered when i first ask to set the PIN but the system prompt options are not customizable.
Thank you for your input!
Disclaimer: This is more of an Auth0 Lock question--there isn't an "Auth0-Lock" tag yet, if someone with 1500+ rep wants to create one.
Anyone know how or if there is a way to make it so Lock does not show the email/username and password fields on the login tab, as well as the email, username, and password fields on the Sign Up tab?
I figured it out. The search results from Auth0's site took me to old documentation.
Solution:
the OPTIONS object you can pass into the lockProvider accepts a property called "allowedConnections", which is an array of string values. I just had to list the connection options I wanted to be ALLOWED rather than letting it show all the connections I have available for the app.
Documentation for Lock v10:
https://auth0.com/docs/libraries/lock/v10/customization#allowedconnections-array-
The follow allows users to log in but not to sign up with a username/password:
manage.auth0.com
Connections
Database
Username-Password-Authentication
Settings
Disable Sign Ups
Hi StackOverflow Community!
I am working at BOX API . Everything is fine,but I want to change the Authentication behavior.
Authentication process first go to box website for ACCOUNT HOLDER Authentication. Is it possible to auto Authenticate using username/password and users view ACCOUNT HOLDER files directly?
I am looking forward.
Similar question asked here with a solution involving renewing bearer and access tokens. Only restriction is that the renewal needs to occur at least once every 14 days. I hope this is a workable solution for you.
It looks like this isn't possible. The Box API uses OAuth 2.0 authentication, which explicitly requires you to redirect the user to the Box website so that they can "allow" access to their account. See http://developers.box.com/oauth/
Which SDK are you using iOS, Windows, Ruby, other? It is possible to auto-login basically it would involve having the user configure their username and password somewhere. Then if you take those stored values and using javascript calls you can input the username and password into the appropriate fields and then submit the form. Depending on the api you'll be presented with a different login screen.
Disclaimer Box changes their login screen frequently and seems really buggy so I wouldn't recommend this route but if you want to do it any way the javascript will look something like:
var username = "user1";
var password = "superSecretPassword";
document.getElementById('login').value = 'username';
document.getElementById('password').value = 'password';
document.forms[0].submit();
I am well aware of the security implications of this, so much so that I'm betting it doesn't exist, so before you call me crazy, that's why I'm asking.
I got really tired of having only my phone on me and installing a new app/whatever and finding myself needing to suddenly create a new application-specific password on the fly, and having to navigate Google's decidedly non-mobile-friendly security page to do that. I want to create an app of some kind that allows me to generate an application-specific password, whether by text or an Android app itself or something else. As I see it, there are two options here:
Use some Google Account Security API (if it exists) to create the application-specific password
Do scraping-type behavior (with proper credentials, of course) to automate its creation. I really don't want to do this.
Does anyone know (a) if this type of API exists, or (b) if there are any other ways to go about doing this? This app would be published on Github for self-hosting, obviously.
There is no official API to generate application-specific passwords.
I've solved this myself by doing a couple of things:
1) printing out the QR Code for the account that can be scanned by the Authenticator app in order to generate codes. I keep it secured in my desk. This allows me to reformat my phone without needing to turn two-step off each time.
2) use the browser sign-in for my Android device. When adding a Google account to an Android phone, just before the screen where you enter your username and password, click the menu button (or 3 dots on the screen if you have no menu button) and choose Browser sign-in. This allows you to login to an Android device with your username, real password and verification code rather than an application specific password.
This saves me from needing to generate application-specific passwords 95% of the time.
Jay
Is there an API that we can use that displays the usual username field, password field, and remember checkbox? This dialog can be usually seen when connecting to a server via Finder or when Safari requests for proxy information.
I am currently implementing this via CFUserNotification API to save myself from creating a window, etc. but I have to specify the fields and checkbox and retrieve them. What would really save time is an API that will abstract developers from having to worry about it. Does such API exist?
I don't think so. Actually I don't have an idea why apple should deploy an api for such a small task.
That's only a NSSecureTextField and a NSTextField. There are plenty of classes that help you add a password properly to the keychain.