Re: 2factor auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Oct 19, 2011 at 07:18:34AM -0700, Toshio Kuratomi wrote:

> > As for "lost token", the idea would be that the admin would be able to
> > reset the user's login requirements to password or similar until a new
> > token can be mailed out. (Leaving it up to the admin to perform proper
> > verification that the token was actually lost vs. a social-engineering
> > attempt).
> 
> So we might want to allow some of that to be done without admin
> intervention.  As I say, we do not have the ability to do proper
> verification over the majority of our account holders.  With that in mind,
> we have two choices -- refuse them access, so they have to create a new
> account or allow them to change token with minimal verification.  If the
> latter, then there's no need for admin's to be involved.

There are several ways to prove one's identity that can be used if the
token is lost. For example:

- access to a private SSH key
- access to a private key of a client SSL cert
 - might even be one issued by e.g. cacert
- access to a private gpg key
- access to text messages to a certain mobile number
- access to voice message to a certain phone number
- ability to create a picture or video of oneself with a certain message
  included
- ability to meet with other Fedora account holders that verify a ID card
- ability to receive mail to a certain postal address
- ability to receive e-mail
- ability to receive payments via certain bank accounts
- ability to receive jabber messages

Depending on timing requirements and probability whether certain methods
might be compromised if a token is compromised a combination or only
several ones might be used.

Kind regards
Till
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure


[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux