dkelly/nkode-landing-page
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated copy

Browse Source
This commit is contained in:
Donovan
2024-10-26 16:27:22 -05:00
parent b2847ed853
commit 8f86a1dd39
6 changed files with 134 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
index.html
View File

@@ -39,7 +39,7 @@
</div>
<div class="ml-auto">
<button class="bg-orange-500 text-white py-2 px-4 rounded-full hover:bg-orange-600 transition duration-200 text-sm sm:text-lg">
<a href="https://www.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
<a href="https://app.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
</button>
</div>
</div>
@@ -70,7 +70,7 @@
</div>
<button class="bg-orange-500 text-white py-2 px-4 rounded-full hover:bg-orange-600 transition duration-200 text-sm sm:text-large">
<a href="https://www.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
<a href="https://app.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
</button>
</div>
</div>
@@ -79,11 +79,16 @@
</header>
<main>
<div class="mx-auto lg:max-w-3xl sm:max-w-xl max-w-sm mb-8">
<h2 class="text-4xl tracking-tight text-black py-24">
<div class="text-4xl tracking-tight text-black py-24">
<span class="text-orange-600 font-semibold">n</span>Kode is <span class="font-semibold">easier</span> to remember and more <span class="font-semibold">secure</span> than a password
</h2>
<div class="text-center mt-8">
<button class="bg-orange-500 text-white py-2 px-4 rounded-full hover:bg-orange-600 transition duration-200 text-sm sm:text-lg">
<a href="https://app.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
</button>
</div>
</div>
<section id="create-an-nkode" class="scroll-mt-24">
<h3 class="text-4xl">Create an nKode</h3>
<h3 class="text-4xl">How To Create an nKode</h3>
<p class="text-2xl mt-4">1. Enter your email</p>
<img class="w-3/4 mx-auto mt-8" src="assets/signup.png">
<h4 class="text-2xl">2. Set your nKode</h4>
@@ -108,17 +113,17 @@
</section>
<section id="how-nkode-works" class="scroll-mt-24">
<h3 class="text-4xl mt-8">How nKode Works</h3>
<h4 class="text-2xl mt-4">Interface Settings</h4>
<h4 class="text-2xl mt-4">Keypad Settings</h4>
<p>
Your nKode interface is configurable.
Under advanced settings, you can change the number of keys and the number of attributes per key.
(from this point forward, this document will use the term attribute instead of icon)
Your nKode keypad is configurable.
Under advanced settings, you can change the number of keys and the number of attributes (icon) per key.
From this point forward, we will use the term attribute instead of icon.
</p>
<img class="w-3/4 mx-auto mt-8" src="assets/advanced_settings.png">
<h4 class="text-2xl mt-4">Account Creation</h4>
<p>
The server is able to deduce your nKode from two entries.
Notice how, in the set and confirm images below, no attribute in the set nKode interface share a key with any other attribute in the confirm.
Notice how, in the set and confirm keypads below, no attribute in the set keypad share a key with any other attribute in the confirm keypad.
This is called an attribute dispersion.
</p>
<div class="flex flex-row">
@@ -127,26 +132,26 @@
</div>
<h4 class="text-2xl mt-4">Attribute Dispersion</h4>
<p>
The login interface looks different than the set and confirm interfaces.
The login keypad looks different from the set and confirm keypads.
It has three more attributes per key.
A dispersion is possible if the number of attributes per key is less than or equal to the total number of keys.
Since the login interface has more attributes per key than keys, we call this a dispersion-resistant interface.
If a malicious actor steals your interface, they can use your interface to phish for your nKode.
If the login interface was dispersable, an attack might go like this:
Since the login keypad has more attributes per key than keys, we call this a dispersion-resistant keypad.
If a malicious actor steals your keypad, they can use your keypad to phish for your nKode.
If the login keypad was dispersable, an attack might go like this:
</p>
<ol class="list-decimal list-inside mt-2 space-y-2">
<li>You click a malicious link from your email or text saying you need to authorize USPS to send you a package (or whatever the latest scam is today).</li>
<li>You're redirected to a site with your nKode interface requesting authorization with your nKode.</li>
<li>You're redirected to a site with your nKode keypad requesting authorization with your nKode.</li>
<li>You enter your nKode, but you're informed you entered the wrong nKode.</li>
<li>The attacker disperses your interface and requests you enter your nKode again.</li>
<li>The attacker disperses your keypad and requests you enter your nKode again.</li>
<li>You enter it again, and your nKode is stolen.</li>
</ol>
<p>
The greater the difference between the number of attributes per key and the number of keys, the greater the dispersion resistance, which comes with trade-offs.
If there are too few keys, it becomes easier to randomly enter keys and accidentally get into your account without actually knowing your nKode.
If you increase the number of keys without increasing the number of attributes per key, your interface becomes more dispersable.
If you have too many attributes and keys, the interface is too busy, which makes it challenging to find your attributes.
If you increase the number of keys without increasing the number of attributes per key, your keypad becomes more dispersable.
If you have too many attributes and keys, the keypad is too busy, which makes it challenging to find your attributes.
</p>
<h4 class="text-2xl mt-4">Server-Side Attributes</h4>
<p>
@@ -177,7 +182,7 @@
<div class="text-center mt-8">
<button class="bg-orange-500 text-white py-2 px-4 rounded-full hover:bg-orange-600 transition duration-200 text-sm sm:text-lg">
<a href="https://www.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
<a href="https://app.nkode.tech">Try nKode <span aria-hidden="true">&rarr;</span></a>
</button>
</div>
@@ -189,7 +194,7 @@
<p>
At the time of this writing, nKode is only a demo web application.
Ideally, all nKode authentication is done through a mobile application.
A mobile application can make nKode more secure by requiring passkeys and biometric authentication to get the nKode interface.
A mobile application can make nKode more secure by requiring passkeys and biometric authentication to get the nKode keypad.
This makes it very difficult to steal or use your nKode.
</p>
<h5 class="text-xl mt-4">1. MFA Prompt Bombing</h5>
@@ -205,10 +210,10 @@
Since a user has to look for their nKode, it prevents them from quickly typing in a passcode without thinking, giving them a chance to reconsider their decision. </p>
<h5 class="text-xl mt-4">2. Service Desk Social Engineering: Scattered Spider</h5>
<p>
An nKode interface is made from any visual attribute.
An nKode keypad is made from any visual attribute.
To make this more concrete, take a look at <a class="text-orange-600 underline" href="https://www.flaticon.com/search?word=abstract">Flaticon</a>.
If every employee at the service desk has a randomly generated interface from abstract visual attributes like those found on Flaticon, an employee would have difficulty explaining their nKode.
Moreover, this interface can be further protected with a 2FA keycard so only the employee can render their interface.
If every employee at the service desk has a randomly generated keypad from abstract visual attributes like those found on Flaticon, an employee would have difficulty explaining their nKode.
Moreover, this keypad can be further protected with a 2FA keycard so only the employee can render their keypad.
For an attacker to get a target's nKode, they'd have to be with the target, and the targeted employee would have to point to the attributes on their screen since they're difficult to describe in words.
The attacker must also steal the employee's 2FA keycard to render the login screen.
</p>