On Fri, 26 Mar 2021 at 16:47, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
On Fri, Mar 26, 2021 at 09:34:49PM +0100, Tomasz Torcz wrote:
> Dnia Fri, Mar 26, 2021 at 03:26:53PM -0500, Brandon Nielsen napisał(a):
> > On 3/26/21 3:24 PM, Matthew Miller wrote:
> > > On Fri, Mar 26, 2021 at 02:48:39PM -0400, Christopher wrote:
> > [Snip]
> > > > * In many places, including accounts.fedoraproject.org, in order to
> > > > log in, you have to append the OTP to your password, so it doesn't
> > > > really play nice with password managers.
> > >
> > > This is pretty common in my experience; it seems like password managers
> > > should support this pattern.
> > >
> >
> > I can't say I have ever appended an OTP to a regular password, and I use 2FA
> > everywhere I can.
>
> I second that. I've only seen OTP appending on FreeIPA's
> implementation of 2FA. Everywhere else it's first a normal password
> prompt, then second for 2FA code (or push notification to phone, which
> is way easier for user).
Notification via sms is... not too secure. ;(
Not counting the insecurity.. it was also expensive to run. Each send cost money and the software to do so was not opensource when we looked at it a while ago.
--
Stephen J Smoogen.
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
