
Fraud Prevention - How do we ensure users don't share accounts

Open carrollgt91 opened this issue 4 years ago • 2 comments

One of the cornerstones of success in this project is to ensure that a given account is verifiable as a unique individual, as bolstered by various third parties. However, if person A shares their OMPIS account with person B, and person B is then able to act on behalf of person A, then we reduce many of the important guarantees that are necessary for this app to function.

One of the most important use cases is in-person validation of data. How do we prevent person B from logging into person A's account and having person A's data validated instead of their own? Even if we do something along the lines of "locking down" the application to a single account per device, what's to prevent someone from sharing that device?

carrollgt91, Mar 22 '20 23:03

For the in-person use case, requiring they use Face ID/fingerprint scanning or some other biometric reading would prevent device sharing. This would need to be in conjunction with a "single account per device" model, or else the same device could sign into multiple accounts. We'd also need to enforce a "single device per account" model to ensure that a user does not simply associate their account with multiple devices that are actually owned by other people.

For users that don't have any sort of biometric authentication on their phone, we could potentially use photographs to help with verification. This poses a number of follow-on problems, though: how do we ensure the photographs identify the person in question? We definitely don't want to store those photographs ourselves, but if we just pull them from e.g. Facebook, we don't have a guarantee (without some user intervention) that they're sufficient for identifying the person in question. In addition, if the place where the photos were stored allowed for the easy change of said photographs, the photo-verification piece could easily be manipulated by changing the photos to ones of the person wanting to use the account in real time.

carrollgt91, Mar 24 '20 19:03

This also needs to consider usability as a first-class feature: in the use case of testing, not overburdening the user during login is important.

kevinahuber, Mar 25 '20 00:03