Register: you must register from a corpnet machine.
· Enter the (url, username) pair that you want to use. For example (www.hotmail.com, email@example.com).
· Enter the password the account and click “Generate OTPs.”
· Print and carry the OTPs.
Login: you can login from any machine w/o typing your real password. You can use IE, Firefox, Opera, Safari etc.
· Enter the (url, username) pair exactly as before and click “Next”
· Enter the OTP as prompted and click “submit”
· Your browser will navigate to the url you selected (e.g. www.hotmail.com)
o If this is the login page the password field will appear auto-filled (this is not your password but a rogue value). Re-enter the username and click login. Don’t touch the auto-populated password field.
o If this is not the login page, you can click on whatever link you need to get there. Again, type the username and submit.
· This is an alpha prototype so don’t be shocked if there are bugs. Please let us know about any sites where it doesn’t work.
· Certificate situation is in flux right now, so just click through any and all cert errors (apologies).
· This is for testing only. Please do not use this for accounts of value (e.g. banks) or super-personal stuff. We do not store passwords; everything is deleted as soon as it is passed to the end server, but the password does flow through our system. We have not done PEN testing.
· Please do test with free accounts such as:
People who’ve made this happen:
· Dinei Florencio
· Cormac Herley
· Ziqing Mao
· Erin Renshaw