Currently, 2-step verification leaves much to be desired and is not nearly ubiquitous enough. We always have our phones at arm's length, so why not use them to identify ourselves online?
What it does
Sesame allows users to securely store email/username and password combinations in the cloud. Upon visiting a site, the Chrome extension sends an authentication request to the mobile device, where a fingerprint is enough to complete the sign-in.
How we built it
- Uses socket.io to communicate with the server
- Fully-featured password manager
- Also written in JS
Web server backend
- NodeJS environment
- CouchDB storage
Challenges we ran into
- Creating a system where API calls are authenticated before they are resolved
Accomplishments that we're proud of
- iOS keychain storage & fingerprint scanning
- Usability of the Chrome extension
- The speed of the entire process of authenticating using a mobile device
What we learned
- How to write a Chrome extension
- Saving a partial hashed key to verify that the PIN is correct, using the other piece to encrypt the data
What's next for Sesame
- API that allows web services to use Sesame as the primary form of authentication.
- Native push notifications
- Link multiple devices to an account