On Thu, 7 Mar 2013 07:09:13 +0000 Clive Hills <discordianuk@xxxxxxxxx> wrote: > I suppose I have to bite and ask why yubikey is regarded as > single-factor? I guess it isn't something I know as well as something > I have? The way we had yubikeys deployed before (and what this thread is talking about) was single factor. You needed only your login/account name and the yubikey to login. While your login is indeed "something you know" it's not something that _only_ you know, it's something that anyone can trivially find out. The "something you know" in 2 factor auth has to be a secret only you know. ;) We are currently using yubikeys in a real 2 factor way in Fedora infrastructure, but thats something only folks with shell access and sudo access see right now. They have to enter password + yubikey (or google authenticator code) to sudo. We do hope to roll out more uses for 2 factor to web applications or other places, but we have not yet had time to do so. Also, I want to make sure when we do it's not a burden to contributors. kevin
Attachment:
signature.asc
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
