In response to UX mailing list thread.
Sign-up (pdf page 1&2)
A user is presented with multiple authentication methods to sign up with GPII. They could use one or several of these methods.
- create username or enter existing email address (if an email address is used, a message is sent after the account is created to confirm the address is correct)
- password & confirm password
- RFID token (beam & add)
- USB key (insert & add)
- QR Code (generate & save, email(?), or print)
If an email login isn't created, the user is required to generate a 'recovery ID'. In case of a lost password or token, the user can retrieve their account through the 'recovery ID'. The 'recovery ID' is secure but not intended to be easy to memorize. The user should store this ID in a safe place.
A user can log in to a device through any one of the authentication methods created. Logging in applies their preferences to the device. The user can now make edits to the applied preferences through the PCP or PMT and save them to the cloud. However, areas of the PMT that contain identifying information or could change identifying information are 'locked off' (account settings & preferences set conditions).
(pdf page 3)
In order to access these 'locked off' areas the user must provide one of the following:
- password (if a username/password login is one of the authentication methods)
- beam RFID, insert USB, or scan QR code (if username/password login is not one of the authentication methods)
- nothing (if USB has been used to login already, and username/password login is not one of the authentication methods)
Note: the 'recovery ID' is not used to access these 'locked off' areas, since it is not expected the user would be able to easily retrieve the ID at all times.
The 'locked off' areas are 'unlocked' after the user confirms their authentication and remain 'unlocked' while the PMT is open (or until the session times out?). These 'locked off' areas are intended to prevent a user's account from being compromised in case they've forgotten to log out of their account.
Logout (pdf page 5)
Different actions could be taken by the user to log out depending on the method of authentication. However, there will always be an interface element to enable logging out directly from the PMT or PCP. Other possible ways to log out:
- If a user beams an RFID or scans a QR code, they could perform the same action to log out.
- If a user inserts a USB to log in, they would eject the USB to log out. (If they use the interface log-out button instead, they are logged out but are reminded to take the USB key)
- If a user is on a device that times out or has a set session, after timing out or at the end of a session they are automatically logged out. (If they have logged in with a USB key, they are reminded to take the key)
Adding & removing token authentication methods (pdf page 2)
At any point the user can add or remove authentication methods (as long as they have at least one other available method). Multiple tokens can be created within the RFID and USB authentication methods. When a token is added, the name (if available) of that token is used to refer to it. If the token is currently being used to log in (e.g. a USB key), a note indicates that to the user in the list of created tokens.
When a token is deleted, a user can no longer log in with it. The user must follow the steps to create a token in order to re-add it.
Only one QR code can be used to log in. A user can print or save multiple copies of the one QR code. If a user has lost their QR code, they could generate a new one to prevent others from accessing their account with the lost QR code. Generating a new QR code removes the old QR code from being linked to their account.
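The rules above for unlocking the 'locked off' areas, removing a method and replacing a QR code, written out as a small model. This is an added example, not GPII code: all function and field names are hypothetical. It assumes that adding and removing methods sits inside the locked 'account settings' area, and that the caller has already verified whatever credential is presented.

```javascript
// Added example: hypothetical model of the rules on this page, not GPII code.
const TOKENS = ["rfid", "usb", "qr"];

// What must be presented to unlock the 'locked off' areas.
// account.methods: Set of enrolled methods; session.loggedInWith: login method.
function unlockRequirement(account, session) {
  if (account.methods.has("password")) {
    return { auto: false, accept: ["password"] };
  }
  if (session.loggedInWith === "usb" && account.methods.has("usb")) {
    return { auto: true, accept: [] }; // key is still inserted: nothing to provide
  }
  return { auto: false, accept: TOKENS.filter((m) => account.methods.has(m)) };
}

// `presented` is the method the user just re-confirmed (assumed already verified
// by the caller), or null. The recovery ID is never in `accept`, so it never unlocks.
function tryUnlock(account, session, presented) {
  const req = unlockRequirement(account, session);
  if (req.auto || req.accept.includes(presented)) {
    session.unlocked = true; // stays unlocked while the PMT is open
  }
  return session.unlocked === true;
}

// Removing a method: assumed to live in the locked 'account settings' area,
// and refused when it would leave the account with no way to log in.
function removeMethod(account, session, method) {
  if (!session.unlocked) return "locked";
  if (!account.methods.has(method)) return "not-enrolled";
  if (account.methods.size <= 1) return "last-method";
  account.methods.delete(method);
  return "removed";
}

// Generating a new QR code unlinks the old one, so a lost printout stops working.
function regenerateQr(account, newCode) {
  account.qrCode = newCode; // only one QR code is ever linked
  account.methods.add("qr");
}
function qrLoginAllowed(account, scannedCode) {
  return account.methods.has("qr") && scannedCode === account.qrCode;
}
```

With a password enrolled, a USB key that is still inserted does not unlock anything on its own; the automatic case applies only to accounts without a username/password login.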