DoubleTap

DoubleTap was a concept that I came up with last year. In the grand scheme of things I guess it would be akin to MFA. On the surface, you will not pass validation you unless you have already visited another page which is unbeknownst to anyone but you. Simplistically it is a triangle. If all three sides do not exist, validation will fail. This can be extended to as many facets as you deem necessary. The facets consist of the client, the destination and the DoubleTap source. The DoubleTap Source can be usb, web page, api or almost anything where you can retrieve a random set of chars.. similar to a nunce. Client is anything that is trying to access the resource. DoubleTap is the method providing the strings. In a sense, it is similar to werd. If you do no know what is expected, you cannot access. If you are processing DoubleTap on the same host as the client you can accomplish this with session or cookie vars. If you a processing DoubleTap on two seperate resources then you will need to get a bit trickier. One example of this is that on my home machine I have a DoubleTap service running. It is expecting a DoubleTap usb to be inserted. If not inserted, anything deemed DoubleTap'd such as login is denied.. or in this case "logged out". More to come...