To use it, visit www.urrsa.com and follow the Register or Login link. Here is a basic idea of how it works.
Register: you must register from a corpnet machine.
· Enter the (url, username) pair that you want to use. For example (www.hotmail.com, foobar@hotmail.com).
· Enter the password for the account and click “Generate OTPs.”
· Print and carry the OTPs.
Login: you can log in from any machine w/o typing your real password. You can use IE, Firefox, Opera, Safari etc.
· Enter the (url, username) pair exactly as before and click “Next”
· Enter the OTP as prompted and click “submit”
· Your browser will navigate to the url you selected (e.g. www.hotmail.com)
o If this is the login page the password field will appear auto-filled (this is not your password but a rogue value). Re-enter the username and click login. Don’t touch the auto-populated password field.
o If this is not the login page, you can click on whatever link you need to get there. Again, type the username and submit.
Notes:
· This is an alpha prototype so don’t be shocked if there are bugs. Please let us know about any sites where it doesn’t work.
· Certificate situation is in flux right now, so just click through any and all cert errors (apologies).
· This is for testing only. Please do not use this for accounts of value (e.g. banks) or super-personal stuff. We do not store passwords; everything is deleted as soon as it is passed to the end server, but the password does flow through our system. We have not done PEN testing.
· Please do test with free accounts such as:
o Hotmail, gmail, yahoo, paypal, amazon, myspace, facebook, ………
People who’ve made this happen:
· Dinei Florencio
· Cormac Herley
· Ziqing Mao
· Erin Renshaw