On 2/20/22 19:08, Adam Williamson wrote: > On Sun, 2022-02-20 at 16:42 +0000, Gary Buhrmaster wrote: >> Unfortunately, last I checked, the FAS account >> system did not support adding something >> like a FIDO2 security key to an account(**). >> Even if it did, I suspect not all the other parts >> of the system would support FIDO keys. > > It used to support these, but the support was lost with the recent > rewrite. However, it supports Google Authenticator-style OTPs. Folks > with infra privileges on their accounts (like me) are already required > to use these. It works fine. I preferred being able to use a yubikey so > I don't always have to open an app on my phone and retype a six digit > code when I need to log in to something, but that's just a minor > annoyance. FIDO keys are significantly more secure than OTPs, and FAS should get support for them. OTPs are still phishable, whereas FIDO2 generally isn’t. -- Sincerely, Demi Marie Obenour (she/her/hers)
Attachment:
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
