July 16th, 2013

Want to Login to LuxSci from your Mobile Phone with a Single Touch?

Quick Mobile Login

Mobile access to member web sites without an app is generally very tedious, as it requires entering a username and password to gain access … typing them in on the minuscule smartphone keyboards.  Annoyance with the time this takes often overrides the desire to use the web site.

Furthermore, if you are doing something else that requires your attention … typing in a username and password can be dangerous (you shouldn’t be multitasking when one task requires full attention … but people do it every day).

LuxSci has updated its WebMail interfaces so that you can login now with a single touch or click — the entering of usernames and passwords can be completely eliminated.  We call this method of access “Quick Login”.  People using Quick Login feel an immediate sense of relief with the speed and ease of access to their email, contacts, calendars, files, and other items.  LuxSci’s mobile web site now feels just like an app.

How Quick Login Works

In short:

  1. The user logs into LuxSci using his/her regular username and password.
  2. The user goes to his “My Profile > Quick Logins” page.
  3. The user authorizes the current browser and device for Quick Login.
  4. Next time the user goes to the login page, a big button will appear that can be clicked / touches to log the user right in.  One click and in.

More specifically, the account administrator can control if users can enable Quick Logins for themselves or if the administrator must enable quick logins for each user that requires it.  The latter is the default for all old accounts and all new security-enabled accounts.

User Self Provisioning

For users permitted to provision Quick Logins for themselves:

  1. Login info the WebMail Interface using the web browser on the device that you want to have the Quick Login added to.
  2. Navigate to “My Profile > Quick Logins”.
  3. Add a new Quick Login: specify a title for it, how long it should persist, if it is for the mobile and/or full web interfaces, and certify that your device is private and secure.

Administrative Provisioning

For cases where administrators must provision users, the procedure is as follows:

  1. The administrator goes to the “Quick Logins” page for the user in question in the administrative area.
  2. The administrator adds a new Quick Login – specifying a title, an expiration, and if it is for the full and/or mobile portals.
  3. The administrator gets an “authorization code” for this Quick Login and communicates that to the user anyway that s/he desires.
  4. The user logins into the WebMail Interface using the web browser on the device that s/he wants to have the Quick Login added to.
  5. The user navigates to “My Profile – Quick Logins”.
  6. The user enters the Authorization Code and certifies that this device is private and secure.

When do Quick Logins Expire?

Once a Quick Login is installed on on a device/web browser, it can be terminated/invalidated in the following ways:

  • When the user clears the cookies in that web browser
  • When the user changes his/her password
  • When the expiration date of the Quick Login arrives (the expiration is chosen when the Quick Login is created)
  • When the Quick Login is deleted from the user’s “My Profile > Quick Logins” page by the user or an administrator

Thus is it quite easy for a user or an administrator to invalidate a single Quick Login or all Quick Logins for a user at any time.

Don’t Quick Logins make an Account Less Secure?

Yes – Quick logins can decrease the security level of an account because if an unauthorized person gains access to the specific device and browser with the Quick Login enabled, that person can login without a username or password.

Quick Logins are designed:

  1. To use on mobile devices — particularly ones that are password protected and otherwise secured
  2. To behave like apps on mobile devices — where you enter the username and password to the app once, and that login persists “forever”.

Quick Logins can be used on desktops and laptops for access as well … and that can be useful in cases where these devices are also provided.

What about HIPAA Compliant Accounts?

For high security accounts, such as those with HIPAA compliance requirements, Quick Logins are limited:

  • Account and Domain Administrators are not permitted to use Quick Logins for themselves at all.
  • Users are never permitted to self-provision Quick Logins — an Administrator must enable a Quick Login for an approved user and communicate an authorization code to that user.

Even in lower security accounts, administrators are only allowed to access the “mobile site” via Quick Login, for security reasons.

Leave a Comment

You must be connected or logged in to post a comment. This is to reduce spam comments.

If you have not previously commented, you can connect using existing social media account, or register with a new username and password.