0

I'm new here I hope this is the right place to ask this question, I work at a call center and I've been asked to create a TimeClock system however we have the problem that agents share their credentials and then one user will clock someone else in to help them report more hours, so I need a way to identify each user and make sure they don't do this.

Constraints - Tights budget, meaning there's no money to buy face recognition systems nor fingerprint authentication SDK that are a little expensive. - Users don't have separate Windows Accounts, they use the same account to log in on all the computers.

Do you have any idea what kind of authentication method I could use?

user3044096
  • 1
  • Do you have a reception that is occupied during work hours? – Tom K. Aug 09 '17 at 14:21
  • What do you mean by reception? – user3044096 Aug 09 '17 at 14:24
  • Something like [this](https://image.architonic.com/img_pro1-6/131/4969/z2-reception-17-sq.jpg). – Tom K. Aug 09 '17 at 14:26
  • Yeah, they do have one, the problem is, just becuase the got to the place doesn't mean they are actually working, because they could get in and then start doing something else as they usually do, that's more time paid, and we need to pay exactly for the time they are working at their computers – user3044096 Aug 09 '17 at 14:29
  • 1
    Wow, this sounds like a fun place to work at. – Tom K. Aug 09 '17 at 14:32

4 Answers4

2

You are looking for a technical solution for a social problem. That usually doesn't work. If you have a dishonest workforce who is collaborating against the company, they will always find a way to cheat the system. The only real solution is to fix the trust issues between your company and your employees.

But if you really want a technical solution, you might want to invest in a physical punch clock system and place it in some easily observable location where anyone with two punch cards will have a high risk of being caught.

Philipp
  • 48,867
  • 8
  • 127
  • 157
  • I'm going to try to convince them to buy the Fingerprint/sdk for me, as that's the only way I could actually do something, and yeah I think you're right about this being a social problem, thanks! – user3044096 Aug 09 '17 at 19:25
0

I think you are on the right track speaking of using 2-factor authentication, but going the biometric route may be too expensive for you.

There are a number of good systems you could implement using a user's cell phone or a keyfob as a 2nd factor.

Twilio's Authy is pretty easy to set up, where you can have Authy text message a code to people when they attempt to log in, and that code is used to fully authenticate.

This combines something a person knows (their password), with something they have (their cell phone).

There's also Google Authenticator and RSA SecureID, which work simlilarly by creating time-based codes that you enter along with your password.

These both have apps you can run on a phone, but also standalone keyfobs you can buy for those who don't have a phone, or don't want work stuff on their personal phones.

You can even use Google Authenticator as a 2nd factor for logging into Windows with Rohos, but it sounds like all your PCs share a common login, and workers need to log into a 2nd system, which is where you'll have to add support for these, most likely with some custom programming.

Unixmonkey
  • 196
  • 3
  • It sounds like a good idea, but what about if I don't care about being fired and I give my keyfob/phone to someone else so that person can log me in? or even if I don't give that person my phone, I could just put the password remotely even if I'm not at work – user3044096 Aug 09 '17 at 14:38
  • If people don't care about being fired, they will always find a way to screw your authentication system unless you implement a system which cannot be fooled. (Even going biometric might not solve this.) Maybe you should consider trying to improve work ethic than trying to getting full control over your employees. – Tom K. Aug 09 '17 at 14:41
  • Sounds like buying thumbprint scanners and their SDK are the way to go then for a purely technical solution. Could a few cheap security cameras at ingress/egress and the work area help? Then someone could audit any suspected cheaters, and verify they are onsite or not. – Unixmonkey Aug 09 '17 at 14:55
  • Thanks for your answer, yeah Unixmonkey, I think fingerprint scanners is the only way to go here! – user3044096 Aug 09 '17 at 19:23
0

Your problem is not the authentication system per se, as more is an ethical issue and a workspace issue (there is even a Workplace SO Community for this). In my opinion, nothing can prevent a user to share their Timeclock credentials with their colleagues, even if they are unique. I would put into place a system of random checks to see if the hours they put in are valid or not, and this combined with and adequate incentive (read monetary fine) should be enough to get the critical mass to use correctly the systems. You will always have outliers that will force the limits of any systems, but you want to apply the Pareto role - 80-20, meaning: make 80% of them follow the rules.

Elzo Valugi
  • 103
  • 1
  • 4
  • You are right, just trying to close as many doors as possible here, I'll see if I can convince them to buy the SDK for me – user3044096 Aug 09 '17 at 19:24
0

I agree with the other answers that you're looking for a technology solution to a human trust problem. You won't find one.

Biometrics will not solve your fundamental problem of users trying to cheat the system. For example, here's an intructables.com guide to duplicate a fingerprint for only a dollar or two in materials. Similar tricks apply for facial recognition / iris scan (although the latter is harder, for the time being).

If you are going to go down the biometrics route, you really need a security guard watching them carefully as they swipe their fingerprint to make sure they're not cheating.

At that point, it would be cheaper to just have the security guard check ID badges the old fashioned way.

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207