On 05/09/13 20:22, Toshio Kuratomi wrote: > On Thu, Sep 05, 2013 at 08:57:33PM +0200, Till Maas wrote: >> On Thu, Sep 05, 2013 at 12:01:35PM -0500, Ian Weller wrote: >> >>> This is the same for a form that asks for password + token >>> code, but a simple password + token code field raises too many >>> questions for someone who is logging in to an application and >>> has no idea what a token code is. >> >> IMHO it would be nice if the password field can be used to enter >> both password and token code at once to make login less annoying >> for 2fa users and therefore more likely that it is used. >> > At least on the backend that will need to be supported. There are > cases where we'll want to run applications that we don't write > ourselves that only have a single field for password. For those > situations, the backend will have to be able to handle parsing a > single password field for a combined password+2fa. > > I don't know if that needs to be expressed on the frontend but if > it's useful we might as well. > > -Toshio > > > > _______________________________________________ infrastructure > mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/infrastructure > I have another idea. Could we not do a password check, and if the password is correct, provide the 2fa interface, if then a user does not enter the 2fa, an email is send to the actual user informing of a failed login attempt, with the date and time and maybe IP ? Does this sound more secure to anyone else ? Regards, Tristan -- Tristan Santore BSc MBCS TS4523-RIPE Network and Infrastructure Operations InterNexusConnect Mobile +44-78-55069812 Tristan.Santore@xxxxxxxxxxxxxxxxxxxxx Former Thawte Notary (Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust) For Fedora related issues, please email me at: TSantore@xxxxxxxxxxxxxxxxx _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
