Some sites have an issue with till users just grabbing a wristband or other NFC token and using it, not caring whether it is their own.
We could enable users to set a PIN or password, which the till could check in some circumstances. The best compromise between usability and security that I can think of is to check the PIN or password if the usertoken being used has not been seen for some time. (So, someone ["A"] working and regularly tapping in will not be asked for their PIN; if someone else ["B"] picks up another wristband that is also assigned to "A" and tries to use it, they will be asked for "A"'s PIN.)
Schema changes:
Add a password column to User
Add a "last successful login" column to UserToken, to be updated whenever the token is successfully used to access the till (whether the password was requested or not)
Configuration options:
Do we require users to set a PIN or password if they do not currently have one?
Should users be asked for their PIN or password?
How long can a usertoken go without being used successfully before the password is requested again?
We could possibly combine the last two into a single config item; no checks if blank, otherwise it's a length of time.
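A sketch of the proposed check, added here as an illustration and not taken from the till's own code. The class layout, the function names, the `last_successful_login` attribute name, the return strings and the PBKDF2 parameters are all assumptions; `max_idle=None` stands for the blank combined config item.

```python
import hashlib, hmac, os
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class User:                      # hypothetical stand-in for the User table
    password: Optional[bytes] = None   # 16-byte salt + PBKDF2 hash; None = no PIN set

@dataclass
class UserToken:                 # hypothetical stand-in for the UserToken table
    user: User
    last_successful_login: Optional[datetime] = None

def hash_pin(pin: str, salt: Optional[bytes] = None) -> bytes:
    """Store a salted, slow hash rather than the PIN itself."""
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)

def pin_needed(token: UserToken, now: datetime,
               max_idle: Optional[timedelta]) -> bool:
    """True if this token has been idle too long; None disables the check."""
    if max_idle is None:
        return False
    last = token.last_successful_login
    # A token that has never been used successfully counts as stale.
    return last is None or now - last > max_idle

def login(token: UserToken, now: datetime, max_idle: Optional[timedelta],
          pin: Optional[str] = None, require_pin_set: bool = False) -> str:
    """Return 'ok', 'need-pin', 'bad-pin' or 'must-set-pin'."""
    stored = token.user.password
    if stored is None:
        if require_pin_set:
            return "must-set-pin"
    elif pin_needed(token, now, max_idle):
        if pin is None:
            return "need-pin"
        # Re-hash with the stored salt and compare in constant time.
        if not hmac.compare_digest(hash_pin(pin, stored[:16]), stored):
            return "bad-pin"
    # Updated on every successful use, whether or not the PIN was requested.
    token.last_successful_login = now
    return "ok"
```

Because the timestamp lives on the token rather than the user, a second wristband assigned to the same user is challenged even while that user's regular wristband is in constant use.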