
CODE: Asynchronous Login
Closed, Spite
Public

Description

When a user logs in with a username and password, and that password is stored in our database (using bcrypt), the number of rounds used can introduce a significant delay in password validation.

Since the validation job can be dispatched, the duration of this validation can happen in the background. During this time, the user could be requested to enter an OTP. Even so, a fast user may be too quick to have the credentials validated.

Details

Ticket Type
Task

Event Timeline

vanmeeuwen raised the priority of this task from to 60.
vanmeeuwen updated the task description.
vanmeeuwen added a project: Admin.
vanmeeuwen moved this task to Backlog on the Admin board.
vanmeeuwen changed Ticket Type from Task to Task.
vanmeeuwen subscribed.
vanmeeuwen moved this task from Backlog to In Progress on the Admin board.

The principle of asynchronous checking of passwords, while the user is receiving/typing/submitting a second factor for the authentication, is implemented.

We do not, however, poll for any status of the job awaiting completion. We only take a one-shot attempt and do not even evaluate completion correctly. If you take it slowly, you pass.

vanmeeuwen moved this task from Backlog to Unknown Object (Project Column) on the PACK board. (Oct 16 2015, 10:55 AM)
vanmeeuwen removed a project: PACK.
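
The flow discussed in this task, as an added example that is not part of the task or the project's code: the slow password check is dispatched when the credentials arrive, and the OTP step waits for the job to complete (denying on timeout or error) instead of taking a one-shot look at it. Assumptions: PBKDF2 from Python's standard library stands in for bcrypt, and `ROUNDS`, the function names and the sample account are hypothetical.

```python
import hashlib
import hmac
import os
from concurrent.futures import ThreadPoolExecutor

# Stand-in for bcrypt (not in the standard library): PBKDF2 with a high
# iteration count gives a similarly slow check. ROUNDS is an assumed value.
ROUNDS = 600_000
_pool = ThreadPoolExecutor(max_workers=4)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def _verify(password: str, salt: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(hash_password(password, salt), stored)

def begin_login(password: str, salt: bytes, stored: bytes):
    """Dispatch the slow check and return at once so the OTP prompt can be shown."""
    return _pool.submit(_verify, password, salt, stored)

def finish_one_shot(job, otp_ok: bool) -> bool:
    """Hypothetical one-shot look at the job: a user who submits the OTP before
    the hash finishes is judged on a result that does not exist yet."""
    return job.done() and job.result() is True and otp_ok

def finish_login(job, otp_ok: bool, timeout: float = 5.0) -> bool:
    """Wait for the job to complete before deciding; deny on timeout or error."""
    try:
        password_ok = job.result(timeout=timeout)  # blocks until finished
    except Exception:  # timeout or worker failure: fail closed
        return False
    return password_ok is True and otp_ok

if __name__ == "__main__":
    salt = os.urandom(16)  # constructed sample account
    stored = hash_password("correct horse", salt)
    fast = begin_login("correct horse", salt, stored)  # OTP submitted immediately
    print("one-shot, fast user:", finish_one_shot(fast, otp_ok=True))
    print("waited, fast user:", finish_login(fast, otp_ok=True))
    wrong = begin_login("wrong guess", salt, stored)
    print("waited, bad password:", finish_login(wrong, otp_ok=True))
```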