Yubico Forum

Re: Cached OTPs in login form

2008-06-10T09:20:33+01:00

The input type should not be 'yubikey', that would be an HTML error. Here are the tricks I've used for the demo server:

1) Auto-focus. Label the form, and use this:

Quote:

2) Autocomplete off. Passwords are typically remembered by the browser, which we don't want. Add autocomplete=off to the input field.

I think there was a third item to keep in mind, but I can't recall it now...

Thus, the State of The Art Yubico-Compliant HTML input from page will look something like:

Code:

Of course, the auto-focus may not always be applicable. On the forum, I think it would interfere with the forum auto-focus design.

Hope this helps.

/Simon

Statistics: Posted by Simon — Tue Jun 10, 2008 9:20 am

Re: Cached OTPs in login form

2008-06-10T08:08:42+01:00

Yes we need to improve the aesthetics in that part.

IMHO a YubiKey is like an ATM card:

[1] Insert it to the ATM or a service provider, it validates the token, knows who you are by linking the device ID to a user.

[2] Then ask for your PIN

The experience should be just like ATM to avoid any learning curves. But we are not doing it now since
Yubico's web designer just left Yubico for a "real" artistic design job.

Statistics: Posted by paul — Tue Jun 10, 2008 8:08 am

Cached OTPs in login form

2008-06-10T07:00:20+01:00

On the login form of the server, the input type is specified as "yubikey". Is it necessary to use this instead of "password"? Apart from being non-standard, it also gives you a long, ugly list of OTPs in your browser.

Statistics: Posted by jimbostyx — Tue Jun 10, 2008 7:00 am