Implementation and System Design
• Database: PostgreSQL
• Web API: Django Rest Framework with Python
• Desktop frontend: NodeJS, AngularJS, HTML, Bootstrap, SASS
• Mobile frontend: NodeJS, Ionic, AngularJS
• OS: Ubuntu Linux
• The system uses the MVC pattern with a client–server architecture
• Version control: Gogs.io
Senior Project Spring 2018
BreazeHome 4.0 Account Security and Recovery
Student: Ronny Alfonso, Florida International University
Mentor: Yuzhou (Aaron) Feng, Florida International University
Professor: Masoud Sadjadi, Florida International University
Problem
• Need the registration process to include the security question and the answer
• User cannot reset his/her password
• Need these functionalities available in the desktop and mobile application
• Database populated with unrecoverable accounts
Acknowledgement
School of Computing & Information Sciences
FOLLOW US @FIUSCIS
Current System
• Web-based real-estate application
• Provides property information and services for home buyers, sellers, renters and realtors
• Designed to be simple and to have an intuitive user interface
Requirements
• The security question and the answer must be optional in the registration form
• User’s account security must not be compromised
• Keep the user informed throughout the whole process
• The answer to the security question must be hashed before being saved
• User must be able to reset the password in both versions
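The hashing requirement above, shown as an added example that is not the BreazeHome project's code. It uses only the Python standard library; the choice of PBKDF2-HMAC-SHA256, the iteration count, the storage format and all function names are assumptions, since the poster does not say how the answer is hashed.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed parameters; the poster does not specify an algorithm or cost.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def normalize_answer(answer: str) -> bytes:
    """Fold Unicode form, case and whitespace so 'Miami  Beach ' matches 'miami beach'."""
    text = unicodedata.normalize("NFKC", answer)
    return " ".join(text.split()).casefold().encode("utf-8")


def hash_answer(answer, salt=None):
    """Return 'algorithm$iterations$salt_hex$digest_hex', or None if no answer was given.

    The answer is optional at registration, so None and blank input store nothing.
    """
    if answer is None or not answer.strip():
        return None
    salt = salt or os.urandom(SALT_BYTES)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", normalize_answer(answer), salt, ITERATIONS)
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_answer(candidate, stored) -> bool:
    """Check a submitted answer against the stored record in constant time."""
    if candidate is None or stored is None:
        return False  # accounts without a security answer cannot use this step
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: fail closed
    if algorithm != ALGORITHM:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", normalize_answer(candidate), salt, rounds)
    return hmac.compare_digest(actual, expected)
```

Security answers are usually low-entropy, so the salt and the slow key-derivation function matter more here than for a strong password; the stored record never contains the answer itself.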
Reset The Password Sequence Diagram
Screenshots
Verification & Summary
● User is allowed to enter the security question in the registration process
● User can reset password using a desktop computer and a mobile device
● Frontend Mobile verification done by testing pages with Ionic Lab
● Frontend Desktop testing performed using Browser Automation Tool Selenium
● The implementation has three security layers to prioritize the integrity of the user's private information
Solution
• User-friendly and easy-to-use desktop and mobile version
• The user can reset his/her password in either version
• The implementation has three security layers
The material presented in this poster is based upon the work supported by: Aaron Feng, Hao Ren, Leila Sahedi. I am thankful for the help that I received from my group members: Alex Dubuisson, Alexander Mohamed, Andreina Rojas, Andrew Christancho, Brandon Cajigas, Davi Guerra, Eithel Sierra, Elio Rosabal, Fernando Serrano, Jorge Cura, Lester Hernandez, Lyda Caballero and Richard Roda.
1. First step to reset the password
2. Screen to enter the token
3. Screen showing the security question and the answer field
4. Final screen to change the password

Reset the password desktop version
Reset the password mobile version

1. First step to reset the password
2. Enter the token
3. Security question and the answer
4. Final screen to change the password