On Fri, Mar 26, 2021 at 09:34:49PM +0100, Tomasz Torcz wrote: > Dnia Fri, Mar 26, 2021 at 03:26:53PM -0500, Brandon Nielsen napisał(a): > > On 3/26/21 3:24 PM, Matthew Miller wrote: > > > On Fri, Mar 26, 2021 at 02:48:39PM -0400, Christopher wrote: > > [Snip] > > > > * In many places, including accounts.fedoraproject.org, in order to > > > > log in, you have to append the OTP to your password, so it doesn't > > > > really play nice with password managers. > > > > > > This is pretty common in my experience; it seems like password managers > > > should support this pattern. > > > > > > > I can't say I have ever appended an OTP to a regular password, and I use 2FA > > everywhere I can. > > I second that. I've only seen OTP appending on FreeIPA's > implementation of 2FA. Everywhere else it's first a normal password > prompt, then second for 2FA code (or push notification to phone, which > is way easier for user). Notification via sms is... not too secure. ;( https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber IMHO, it would be nice for more things to move to webauthn / U2F / whatever they call it today. (Basically just press the button on your yubikey or whatever when required to prove you are the one who has it). kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
