On Sun, 3 Apr 2022, at 12:07, Ben Denhartog via aur-general wrote:
> 2) Use a proper password manager to store your OTPURI and generate the
> tokens, as well as for storing your recovery codes. I'd recommend
> gopass if GPG, self management, and VCS sounds appealing, and 1Password
> if you'd rather have someone else handle the technicals.
>

Storing the password and the TOTP secret in the same password manager moves both factors into the same store, kinda negating the point of using two-factor.

> 3) WEB3 aims to provide such decentralized login based on some device
> you control as you are saying you want. Whether or not it replaces the
> current authentication model is another matter entirely.

So, something like a Yubikey using WebAuthn/FIDO? This is not uncommon online, and very handy since the second factor is a fully-offline device which requires a physical tap to log in.

I see Keycloak DOES support this; maybe it's a matter of enabling it?

--
Hugo Osvaldo Barrera