On Wed, 6 Mar 2013 20:58:00 +0100 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx> wrote: > Hi folks, > > anyone else seeing "Yubikey single-factor authentication has been > disabled." when logging into fas or any other fas based services? > > I checked in fas and yubikey is enabled for my account (and has been > for years). Test auth in fas works. Yes, we disabled this and were not good about communicating that that change went live with our last fedora account system update. ;( We were meaning to change the error it outputs to go to a wiki page so we could communicate the change there, but we have not had a chance to push that change live to production. Basically the reasons are: 1) allowing yubikeys as a 1 factor auth means that anyone who gains access to your yubikey and who knows your fedora account system login can do anything they like with your account. 2) It's confusing to some people because they think "Oh, I am using a hardware device here, this must be 2 factor!" when it's not. We are hoping to enable real 2 factor with our applications, but haven't yet been able to do so. ;( Sorry for the trouble kevin
Attachment:
signature.asc
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
