
The idea

think about

  • Online Banking with SMS TAN
  • VPN Connections with One Time Token per SMS
  • Google 2factor fallback via SMS

 

"normally" you have to

  • unlock your phone
  • open the notification bar / SMS App
  • open the SMS with the Token
  • perhaps look a bit closer because the font is too small, and check twice because the font is not that "type safe"
  • You don't see how long the token is valid
  • delete each message manually so that it does not clutter your SMS storage

 

What this app might do:

in short:

  • solve the quirks above ;)

in long:

  • let's get an app that …
  • … feels like freeotp, Google Authenticator, <name it>  …
  • … has a great proFont that leaves no doubt between chars like "l" and "I" :=) …
  • … and lets you enter rules for incoming SMS Tokens, which include …
  • … Sender ID, …
  • … Typical content (regex aware for professionals) …
  • … .
  • … You are also allowed to give the rules a simple name and …
  • … a hint about your username, …
  • … not to forget the typical time to live that is known for the service (defaults to 3min). …
  • … you might define an additional timeout after which the SMS Token might be deleted automatically …
  • … or get a job that does a cleanup in batch …
  • … and an option to do this with or without (user) confirmation (but disabled for auto-delete, else it is nagging again) …
  • … The App should open up automatically …
  • … or as an extended notification (aware of and giving user hints if notifications are (not) set private on lock screen) …
  • … or as a popup …
  • … or as a lockscreen info (if that is possible alongside the notification, which you might have set private) so that you are not forced to unlock (security flaw!!!) …
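
A sketch of the rule matching described in the list above, added here as an example and not code from any existing app. The names Rule, Token, match_sms and cleanup, the sender IDs and the message texts are all constructed assumptions; only the 3 minute default time to live comes from the list.

```python
import re
from dataclasses import dataclass

DEFAULT_TTL_S = 180  # default time to live from the list above: 3 minutes

@dataclass(frozen=True)
class Rule:
    name: str                 # simple display name for the rule
    sender_id: str            # SMS sender ID the rule applies to
    pattern: str              # regex for typical content, with a named group "token"
    username_hint: str = ""   # hint about the account the token belongs to
    ttl_s: int = DEFAULT_TTL_S

@dataclass(frozen=True)
class Token:
    rule: Rule
    value: str
    received_at: float        # epoch seconds when the SMS arrived

    def seconds_left(self, now: float) -> int:
        """Remaining validity to show next to the token, never negative."""
        return max(0, int(self.received_at + self.rule.ttl_s - now))

def match_sms(rules, sender, body, received_at):
    """Return a Token for the first rule whose sender ID and content both match."""
    for rule in rules:
        if sender != rule.sender_id:
            continue  # content alone is not enough, the sender must match too
        m = re.search(rule.pattern, body)
        if m:
            return Token(rule, m.group("token"), received_at)
    return None  # not a token SMS: leave it to the normal SMS app

def cleanup(tokens, now, extra_timeout_s=0):
    """Batch cleanup: keep only tokens younger than their TTL plus the extra timeout."""
    return [t for t in tokens if now < t.received_at + t.rule.ttl_s + extra_timeout_s]

# Constructed sample rules (hypothetical senders and formats)
RULES = [
    Rule("Example Bank", "EXBANK", r"TAN is (?P<token>\d{6})\b", "jdoe"),
    Rule("Example VPN", "+10000000000", r"token (?P<token>[A-Z0-9]{8})\b", ttl_s=60),
]

if __name__ == "__main__":
    t = match_sms(RULES, "EXBANK", "Your TAN is 493817 for transfer 12.", 1000.0)
    print(t.rule.name, t.rule.username_hint, t.value, t.seconds_left(1030.0))
```

Requiring a named capture group keeps the displayed token limited to the matched digits instead of the whole message text.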

 

Further ideas:

  • give hints about https://twofactorauth.org/ listed services
    • where you use an SMS token but HMAC-based OTP or time-based OTP is available as a better alternative
    • help to switch over
  • Share your settings …
    • … privately via SMS …
    • … export them as a backup …
      • … into cloud and whatever …
    • … public (but anonymously) to other SMOTP users …