Is there any good solution to achieve password-free login for a web site? Background: The company has a large number of operators and many third-party partners. Many operators have the account and password of the Third-Party website. However, if the operator leaves the company, the password may be lost or leaked. So I need to... Is there any good solution to achieve password-free login for websites?
Background: The company has a large number of operators and many third-party partners. Many operators have the account and password of the Third-Party website. However, if the operator leaves the company, the password may be lost or leaked. Therefore, an account management system is required to manage these third-party accounts in a unified manner. At the same time, it is difficult to directly provide the account and password to the Operation staff, which may cause problems such as leakage or password modification.
Therefore, we want this system to manage user accounts and passwords in a unified manner. When a colleague needs to use an account, the system will directly provide a url link to the user, the url contains the encrypted account and password, and the information of the website to be logged on. You can directly log on to a third-party website by clicking the url link.
For example, O & M personnel A wants to log on to umeng to view the data. I don't need to directly tell him our account and password in umeng. I just need to generate A url in the account management system to provide it to him, he can click this link to log on to umeng's website. Is there any good implementation scheme for such a function? Or is there a ready-made solution? Business can also be considered.
Note: I found it online. It seems that all of them are implemented through browser extension? Does browser extension parse the password in the generated url link and automatically fill it in the login form? For example: https://lastpass.com/
Do you have any good suggestions or solutions? Thank you very much!
Reply content:
Is there any good solution to achieve password-free login for a web site?
Background: The company has a large number of operators and many third-party partners. Many operators have the account and password of the Third-Party website. However, if the operator leaves the company, the password may be lost or leaked. Therefore, an account management system is required to manage these third-party accounts in a unified manner. At the same time, it is difficult to directly provide the account and password to the Operation staff, which may cause problems such as leakage or password modification.
Therefore, we want this system to manage user accounts and passwords in a unified manner. When a colleague needs to use an account, the system will directly provide a url link to the user, the url contains the encrypted account and password, and the information of the website to be logged on. You can directly log on to a third-party website by clicking the url link.
For example, O & M personnel A wants to log on to umeng to view the data. I don't need to directly tell him our account and password in umeng. I just need to generate A url in the account management system to provide it to him, he can click this link to log on to umeng's website. Is there any good implementation scheme for such a function? Or is there a ready-made solution? Business can also be considered.
Note: I found it online. It seems that all of them are implemented through browser extension? Does browser extension parse the password in the generated url link and automatically fill it in the login form? For example: https://lastpass.com/
Do you have any good suggestions or solutions? Thank you very much!
If you are working closely with a third party, you can ask them to provide token support. Your server saves the user name and password and obtains a token through a third-party api. Then, your staff can use this token to go to a third party without having to enter the user name and password again. What do you think?
Lastpass doesn't mean anything. What lastpass does is remember your username and password and then submit the form for you.
What you need is that you do not need to authorize the user name and password to view some data. If a third-party Website Supports token, you can do it well. If not, you can't do it either.
I feel quite simple.
You can store a random string and use your own encryption method to encrypt it with the password. Then, you can pass the encrypted string to the user.
$ Id = $ user ['id']; $ password = $ user ['Password']; $ rand = ""; // generate a random string based on your own method, and save it $ token = md5 (sha1 ($ id. $ rand ). $ password); // encrypt it in a certain way, only for example, you can set it yourself
Then, send the $ id and $ token to the user. If the verification matches, the login is successful.
You can also set an expiration time to save it together.
Best Practice: Follow @ incNick to discuss cooperation with umeng and other websites that require user names and passwords, so that they can provide you with a login API, you can recruit programmers to develop a unified authentication system.
One way is to use the QQ client to save the "password ". Most account systems in China canDirectOrIndirectBind to the QQ account. Direct: Indirect: Baidu webmaster <-Baidu account <-QQ number
The following is how to log on to QQ by multiple operators. How about sharing QR codes?
Configure a proxy for the operator's computer and use the man-in-the-middle attack method to set cookies for the browser. When an operator attempts to log on to a website through a proxy, the proxy intercepts this HTTP request, disguising it as a common user logging on to a third-party website to obtain the Cookie, and then returns the successful login response to the browser of the operations staff.
1 password, no thanks