current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Programmers Stack Exchange is a question and answer site for professional programmers interested in conceptual questions about software development. It's 100% free, no registration required.
up vote -2 down vote favorite

I guess this question has been asked before, but I wish to have fresh answers/ideas -

Problem details:

Let's say there's a system which allows users to participate in a survey. Users will sign on to it using SSO (single sign on), or another way like user/password.

AND, Let's assume this system is REALLY GOOD, everybody love it and there are tons of scammers who would like to cheat by logging in more than once, stealing identities.. etc.

The big question: What would be the best method to use authenticating the users?

Possible answers, I have brought so far:

  1. Using social security id (or any other "government" official ID number)

  2. Phone number (less intimidating.. but also less secure)

  3. Email + one of the above. And here's a question about emails: If I am using SSO (login with email/facebook), can I determine that the accounts entered are being actively used?

  4. Cookies/flash/storage/... can be used in combination with another, stronger identification method, but, since log-in's are not anonymous, browser storage/cookies are not the right method anyway.

Any idea will be appreciated ! :)

share|improve this question

closed as too broad by Jim G., GlenH7, gnat, Corbin March, svick Aug 28 '13 at 10:30

There are either too many possible answers, or good answers would be too long for this format. Please add details to narrow the answer set or to isolate an issue that can be answered in a few paragraphs.If this question can be reworded to fit the rules in the help center, please edit the question.
1  
Just charge a subscription fee, and let them register as many times as they want to. –  ddyer Aug 7 '13 at 7:13
add comment

2 Answers

up vote 1 down vote

Our bank calls us at our private phone number on file and provides a one-time access key. You could do the same with a text message; or an email to an email address on file, providing a one-time password reset link.

In addition, you can have security questions (mother's maiden name, favorite teacher, etc.)

share|improve this answer
    
Hi, thanks but I have a few problems with the method you advise: 1. It's too harsh on the users.. Let's say this system is more like an online magazine. Not mandatory participation and such, users might get intimidated. –  rub Aug 6 '13 at 21:26
    
2. Unless I ask the users for hard details, like social security ID or back account (!) number, identity stealing is still possible.. –  rub Aug 6 '13 at 21:29
    
Google two pass verification is also out there (thats Google the company doing this, not google the verb). –  MichaelT Aug 6 '13 at 21:48
    
Interesting! I'll check that out .. –  rub Aug 6 '13 at 23:08
add comment
up vote 1 down vote

AND, Let's assume this system is REALLY GOOD, everybody love it and there are tons of scammers who would like to cheat by logging in more than once, stealing identities.. etc.

Your Authentication process should be one-way encryption. Meaning that a password is only encrypted and you should never provide a decrypted method. It's not needed. If you provide a way to decrypt passwords you also could provide a means for someone to decrypt the passwords. I believe this is how Apache Servers do Authentication (correct me if I am wrong).

Now if you have a Secure Authentication process, then just log if a user votes. If they try to vote again then reject it. Simple

share|improve this answer
    
You are correct with the one way (digest/hash) idea. I have already thought about that. But the main problem I still didn't find a good answer to, is what details should the users be providing to authenticate that they are who they say they are. And, I am not saying that there is a simple solution to that.. –  rub Aug 6 '13 at 23:10
    
BTW waiting for my ranks to come up so I can vote you guys up ;( –  rub Aug 6 '13 at 23:11
add comment

Not the answer you're looking for? Browse other questions tagged or ask your own question.