Add new card function to kiosk #180
Comments
|
Can see this being a bit of a problem if someone manages to quickly "borrow" someone else's card and unscrupulously add several more. But if you use complex/generated passwords it's a nightmare at the moment. Maybe generating an email confirmation token link to then add the card, or something, would be a good compromise? |
|
Actually even that would be "not as easy as it looks" because the /kiosk stuff is publicly hosted and doesn't know if a visiting browser is actually the kiosk or not, so if you know someone's card ID you can use its backend to spam them with pointless emails (with email confirmation) or to just add random extra cards (if there was no extra authentication). |
|
We now have a QR code which helps with this - you can scan the QR code, then sign in on your phone (using a password manager if you wish) |
If you've got your current and a new card it'd be nice to be able to add the new one by swiping.
The text was updated successfully, but these errors were encountered: