Dnia Sat, Mar 27, 2021 at 10:56:32AM -0700, Kevin Fenzi napisał(a): > On Sat, Mar 27, 2021 at 11:08:19AM +0100, Tomasz Torcz wrote: > > > > > > Notification via sms is... not too secure. ;( > > > https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber > > > > I didn't write SMS. SMS is terrible, it's the worst 2F channel nowadays. > > I meant push notification, when the message is sent through secure channel > > to your smart phone and you get popup asking for authorization. > > At least: > > > > - Google does that: > > https://s3.amazonaws.com/neowin/news/images/uploaded/2017/07/1500141361_google_mobile_prompt.jpg > > - Microsoft Suite (Teams, Outlook) on my corporate accounts: > > https://techcommunity.microsoft.com/t5/image/serverpage/image-id/46536iDD69C684B52CC495 > > - My banking app (for login and transfer authorizations) > > https://android.com.pl/apps/wp-content/uploads/2020/03/alior.jpg.webp > > > > This seem to be easiest and most secure 2FA, but requires cooperation > > with Android framework. Next in line are FIDO/Yubikeys, and OTP codes. > > Ah, ok. Well, not everyone has access to them. > > I have a android based phone, but it's de-googled, > so I can't get any google push notifications. Others > may have i-phones or... perhaps even no smart phone at all. ;) Both IOS and Tizen have some push notification frameworks, like Android. I'm not familiar with specifics, as their marketshare is insignificant here, less than 7% combined. Anyway, any solution is more usable than this peculiar way of combining password with OTP code. -- Tomasz Torcz RIP is irrevelant. Spoofing is futile. tomek@xxxxxxxxxxxxxx Your routes will be aggreggated. -- Alex Yuriev _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
