Seth Vidal (skvidal@xxxxxxxxxxxxxxxxx) said: > I can think of multiple ways to do it: > > 1. login to a web page > 2. click on 'auth me' button > 3. it sends you a txt msg > 4. you input the password it sent you > 5. you get a cert back that you use for auths for a set period of time > (24 hours?) > > or > > 1. login to a webpage > 2. download a key > 3. it sends you a txt msg which contains a password for that key > 4. the key + txt'd password allows you to login for a set period of time > (24 hours?) > > > Now, my question is - what is dangerous/silly about this? Can you, with only the password, change the phone number used for the second factor? Bill _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
