tekiegreg <codesweeper@codesweep.com> writes:
> Hi there, I'm currently a developer hired out to a multi-unit
> franchisee in the Fast Food industry. Currently I'm building an
> application that will be deployed to all our stores. Each store will
> be running an application that will be connecting to a central server
> here at the home office. Logins of some sort will be needed for each
> store manager, but how to login has been a problem. The main issue
> has been that the store managers have had a nasty tendency in the
> past
> to share usernames/passwords with people in the store that they
> shouldn't, compromising security. So a standard user/pass won't do
> necessarily. Our thoughts have already run as follows:
>
> 1) What about fingerprints? We've tried that, but had problems with
> them in the past with greasy smudges on people's fingers proving
> difficult for the scanners to authenticate properly.
>
>
> 2) Voice recognition? Nope, too much background noise in these stores
> (and seeing as it's fairly constant and loud, often anyone gets in!)
>
>
> 3) Video recognnition? Is it good enough yet? Reasonably priced as
> well?
>
>
> So in a nutshell, what would you be thinking about?

Three words: Terms of employment.

You're attempting to throw a technology solution at a problem that is
better handled with an administrative control.

In short, train the managers that if they disclose their username/pass
to anyone, it's extremely serious, and they can be fired. Have them
recertify to this policy on a regular basis.

If they still don't comply, best to find out in the trenches why it's
so inconvenient for them to comply.

This may not work for your situation, but it's one avenue that
deserves some contemplation. 2 factor auth is somewhat expensive and
has downfalls as you cite.

--
Todd H.
http://www.toddh.net/