DEV Community

Cover image for EPHELOG
Asher Mathews Shaji
Asher Mathews Shaji

Posted on

EPHELOG

Usernames and passwords are ubiquitous today on possibly any website. In this online era, passwords are considered a mechanism of security. But often, one might come across a situation where he/she needs to share login credentials with a friend, colleague, or acquaintance. The most common practice is to change this password later. Not only that, it is possible that most people tend to keep similar passwords in different handles, putting them all at risk.

These temporary credentials expire after a specified interval. After they expire, any calls made with those credentials will fail, so one must generate a new set of temporary credentials. Temporary credentials cannot be extended or refreshed beyond the originally specified interval. A history of the login and the logout details are also recorded.

Detailed Working:

  • For this service, both the users, the one who needs to share his login credentials and the one who requires it, need to login to the platform. They will be provided with a unique username.
  • After logging into the required platform, the user can select Ephelog service from the extensions tab and copy the site link, and the Ephelog username of the intended user.
  • The login credentials (real username and password) are not stored in the server, temporary tokens are generated dynamically and provided to the intended user. Tokens are basically masked session ids.
  • Using the token, the intended user can login and use the site for the allowed time frame. He can enter the token on the extension bar and the browser tab will refresh itself to let the user use the platform. Until the temporary login credentials expire, he can surf the site.
  • When the timer runs out, the site refreshes again and the session will expire automatically.
  • The temporary login credentials have a limited lifetime, so one does not have to rotate them or explicitly revoke them when they're no longer needed. After they expire, they cannot be reused. The user can specify how long the credentials are valid, up to a maximum limit

Top comments (0)