GeoffC said:
+1
I'm also currently trying to develop a method for secure access to HMI special functions, like high level critical bypasses, only allowed under certain circumstances, and only by authorized people.
I constantly have the line engineers and operators peeking over my shoulder when entering my pin number. My colleague has told me he has seen them at the login screens from time to time trying different numbers. They are not authorized to access these functions, but yet they try.
I really like your method JesperMP, but I would only use it for functions where temporary access is permitted or acceptable. It would be useful if you're off-site and called by a manager demanding a HMI function be accessed or bypassed, etc.
Another idea we have come up with is simple, but effective. Put a key-switch near the HMI tied to an input. You turn the key, that only you or authorised persons have, and then enter your password. So even if someone gets the password, they won't have the key. You can still cycle your password using date/day/month, date/serial, etc.
The key-switch allows removal after turning it on, so you don't have to leave it there. If you don't want a bypass or function on indefinitely, you can use a time-delay-off in your program. You can either give a list of available times to select from, or allow entering of the timer preset, limiting the value to a maximum. A discrete message constantly reminds personnel that it's active. When the time elapses, or is soon to, a message displays to notify them. I always time out bypasses, etc. so they're never permanent.
Even though the key-switch is still in the ON position, the function cannot be a activated again until the key-switch is cycled.
Of course, control of the keys is critical but, it's a more difficult and deliberate action to acquire a key that you shouldn't have.
Finger print login would be better, but again, if you're not on-site when they want a function activated. No one person should have sole access to any function for obvious reasons.
However, I'm sure there are lots of programmers out there who do.
G.