On 4/13/24 01:44, Richard W.M. Jones wrote:
On Fri, Apr 12, 2024 at 04:50:13PM -0500, Chris Adams wrote:Once upon a time, Richard W.M. Jones <rjo...@redhat.com> said:So the problem with github is they don't allow you to have 2FA on a backup device (or rather, it *is* possible, but the process is ludicrous[1]). If you have your phone as second FA and lose it then you have to immediately fall back to the piece of paper.I haven't seen a site with TOTP 2FA allow multiple TOTP codes, they all just store one. It's trivial to scan the TOTP code into multiple devices (depending on the software used, you can sometimes "export" a TOTP code from one device to another by showing a QR code on the first device), so that's hardly a "ludicrous" method.I sometimes think how hard it would be to explain all of this to my mother. I don't understand why 2FA needs to be so obscure and clumsy to use. Rich.
You got a really good point there. All MFA implementations the industry has come up with are less than ideal in one way or the other.
OpenPGP_signature.asc
Description: OpenPGP digital signature
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
