

Show HN: A 2-Factor contact-less authentication mechanism - rahul_appavatar
https://github.com/loitr/loitr-wp
Loitr is a 2-Factor(knowledge &#38; possession factors) authentication mechanism that any website can use. We have just released the Wordpress plugin. Any user of your blog can download the Loitr app &#38; scan the activation QR visible on their Dashboard(visible once plugin is activated by the blog admin) and next time all they have to do is scan the login QR at the login page with the Loitr app on their phone and they will be logged in.
Loitr doesn't need to know usernames or passwords of users of your blog. Loitr doesn't add to the security risk. And since there are no usernames or passwords involved, it does away with sniffing, key-logging, or any variant of a Man-In-The-Middle attack. Impersonation is not at all possible with Loitr.
I'd love to hear what the community thinks of it.
======
rahul_appavatar
Loitr is a 2-Factor(knowledge & possession factors) authentication mechanism.
Which means anyone other than the rightful user has to know the Loitr App
password & have the phone to do a successful impersonation. Any website with a
login form can sue Loitr. We have just released the Wordpress plugin for
Loitr. All that users of your blog have to do is download the Loitr app, and
scan the activation QR visible on their dashboard(visible if the Loitr plugin
is activated) and next time all they have to do is scan the login QR at the
login form.

Special Note: Loitr doesn't need to know the usernames or passwords of the
users of your blog, thus Loitr doesn't add to the security risk of your
service. Since there is no username or password in the entire method, it does
away with conventional MITM attacks.

I'd love to gather some feedback about what the community thinks of it.

