MudLog

We’re currently developing an authentication system that would enable single login to all the web applications we make in the PLW. But the idea of developing a central login system isn’t new: Microsoft’s Passport has been around for years and Google uses a similar system (also, see Google Account Authentication). We’re not really after that. We just want to have a system in place so that we don’t have to maintain individual login systems nor user information every time we build a new application. Since we’re thinking about implementing an authentication system, it’s good to think about authentication systems in general.

It’s crazy how many accounts we have. It’s even crazier to see how often we share common usernames and passwords. Traditionally, authentication is done through matching unique usernames to some alpha-numeric password. I’m no security expert, but this seems secure enough. However, many websites select users’ email addresses as their unique username, and since users are allowed to choose their own passwords, many end up setting the same password.

What happens when one of these sites compromises your information. They essentially have access to all other accounts that share the same username and password. Using an email address as a username is also a bad idea, since it’s a unique identifier that is attached to one name. It’s just as bad as schools using social security numbers as student numbers.

With our system, we go back to the old fashion way of using physical metaphors. Our metaphor is the locker. Usernames are mapped to a locker number (which also has a location) and the password is a combination lock. Usernames no longer have personal identifiers attached to it, and the combination lock gives the user the understanding that if you forget your combination, you’re sort of screwed. You have to ask someone with a master key or get a locksmith to cut it off.

Here’s the combination lock, using canvas and written in JavaScript. Works best if you use a PowerMate; mapping rotate right to right arrow key, rotate left to left arrow key and button press to the enter key.

Finally, I finished what once was called PLWicense. It is now renamed to something a little more descriptive, called MadLicense. MadLicense is a Mad Libs-style license creator. Users are given a license template based on popular open source licenses (for now the MIT and Apache Licenses, but more to be added) with only specific modifiable words. In a way, it makes license creation easy, but also challenging since only certain words are modifiable. With this restriction, it forces users to creatively place words to come up with an applicable license for themselves.