On Sat, Mar 27, 2021 at 11:08:19AM +0100, Tomasz Torcz wrote: > > > > Notification via sms is... not too secure. ;( > > https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber > > I didn't write SMS. SMS is terrible, it's the worst 2F channel nowadays. > I meant push notification, when the message is sent through secure channel > to your smart phone and you get popup asking for authorization. > At least: > > - Google does that: > https://s3.amazonaws.com/neowin/news/images/uploaded/2017/07/1500141361_google_mobile_prompt.jpg > > - Microsoft Suite (Teams, Outlook) on my corporate accounts: > https://techcommunity.microsoft.com/t5/image/serverpage/image-id/46536iDD69C684B52CC495 > > - My banking app (for login and transfer authorizations) > https://android.com.pl/apps/wp-content/uploads/2020/03/alior.jpg.webp > > This seem to be easiest and most secure 2FA, but requires cooperation > with Android framework. Next in line are FIDO/Yubikeys, and OTP codes. Ah, ok. Well, not everyone has access to them. I have a android based phone, but it's de-googled, so I can't get any google push notifications. Others may have i-phones or... perhaps even no smart phone at all. ;) But I suppose it could be possible to implement something like this for those that do. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
