Senior Project Spring 2018
BreazeHome 4.0 Account Security and Recovery
Student: Ronny Alfonso, Florida International University
Mentor: Yuzhou (Aaron) Feng, Florida International University
Professor: Masoud Sadjadi, Florida International University
School of Computing & Information Sciences

Problem
• Need the registration process to include the security question and the answer
• User cannot reset his/her password
• Need these functionalities available in the desktop and mobile application
• Database populated with unrecoverable accounts

Current System
• Web-based real-estate application
• Provides property information and services for home buyers, sellers, renters and realtors
• Designed to be simple and to have an intuitive user interface

Requirements
• The security question and the answer must be optional in the registration form
• User’s account security must not be compromised
• Keep the user informed throughout the whole process
• The answer to the security question must be hashed before being saved
• User must be able to reset the password in both versions

Implementation and System Design
• Database: PostgreSQL
• Web API: Django Rest Framework with Python
• Desktop frontend: NodeJS, AngularJS, HTML, Bootstrap, SASS
• Mobile frontend: NodeJS, Ionic, AngularJS
• OS: Ubuntu Linux
• The system uses the MVC pattern with a client–server architecture
• Version control: Gogs.io

Solution
• User-friendly and easy-to-use desktop and mobile versions
• The user can reset his/her password in either version
• The implementation has three security layers

Reset The Password Sequence Diagram

Screenshots

Reset the password desktop version
1. First step to reset the password
2. Screen to enter the token
3. Screen showing the security question and the answer field
4. Final screen to change the password

Reset the password mobile version
1. First step to reset the password
2. Enter the token
3. Security question and the answer
4. Final screen to change the password

Verification & Summary
● User is allowed to enter the security question in the registration process
● User can reset password using a desktop computer and a mobile device
● Frontend Mobile verification done by testing pages with Ionic Lab
● Frontend Desktop testing performed using Browser Automation Tool Selenium
● The implementation has three security layers to prioritize the integrity of the user's private information

Acknowledgement
The material presented in this poster is based upon the work supported by: Aaron Feng, Hao Ren, Leila Sahedi. I am thankful for the help that I received from my group members: Alex Dubuisson, Alexander Mohamed, Andreina Rojas, Andrew Christancho, Brandon Cajigas, Davi Guerra, Eithel Sierra, Elio Rosabal, Fernando Serrano, Jorge Cura, Lester Hernandez, Lyda Caballero and Richard Roda
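
One way to meet the requirement that the answer to the security question be hashed before being saved, while keeping the question optional, is sketched below. This is an added example, not code from the BreazeHome project: the function names, the PBKDF2 parameters, the stored-record layout and the normalization policy are all assumptions, and only the Python standard library is used.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Optional

ITERATIONS = 600_000  # assumed PBKDF2 work factor; not taken from the poster
SALT_BYTES = 16       # assumed per-record random salt length


def normalize_answer(answer: str) -> str:
    """Fold case and whitespace so 'Blue ' and 'blue' match (assumed policy)."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split())


def hash_answer(answer: Optional[str]) -> Optional[str]:
    """Return a storable record, or None when the optional answer was skipped."""
    if answer is None or not normalize_answer(answer):
        return None
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(answer).encode("utf-8"), salt, ITERATIONS
    )
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_answer(candidate: str, stored: Optional[str]) -> bool:
    """Check a submitted answer against the stored record in constant time."""
    if not stored:
        return False  # no security question on file: this step cannot pass
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac(
            "sha256", normalize_answer(candidate).encode("utf-8"),
            salt, int(iterations),
        )
    except ValueError:
        return False  # a malformed record is treated as a failed check
    return hmac.compare_digest(actual, expected)
```

Because the salt is random per record, two users with the same answer get different stored values, and the plaintext answer never reaches the database.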