Il 24/06/24 03:42, Kevin Fenzi ha
scritto:
You can enroll as many tokens as you like, so you can enroll one in a backup device or system in case you loose your primary token. You only need any one otp to login. Things like keepassxc and bitwarden allow you to setup OTPs these days. kevin
IMO, having the token stored in your password manager means going from 2FA to 1FA effectively ;-) if someone gets access to your password manager vault, all accounts will be compromised.
That said, even if the token is stored in the password manager, it is not cushy to be used with kerberos. I have been using 2FA for over a year now and I get used to, but it's clumsy to use it in Fedora infrastructure. I'd really like if we can move everything related to 2FA to use a yubikey or something like that, so that users could just authenticate by having their key inserted in a USB port.
Mattia
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
