On 22/02/2022 12:33, Daniel P. Berrangé wrote:
Given that the accounts system already supports these OTPs, what
is the reason for not mandating this OTP based 2FA for*all*
contributors today, as oppposed to merely infra people ?
I like it, but many Fedora contributors won't be happy. Google said that
only 10% of their users use OTP.
We need to fix Fedora's OTP implementation first. Sending password+CODE
is the worst idea, I ever seen. You can't even use a password manager to
auto-enter it.
My suggestions:
1. Change password entry dialog on id.fedoraproject.org with
accounts.fedoraproject.org version (with a separate OTP field).
2. Kinit should ask for password and OTP code in different prompts
(check how it works with SSH + OTP plugin).
--
Sincerely,
Vitaly Zaitsev (vitaly@xxxxxxxxxxxxxx)
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
