On 04/04/2022 10:21, Hugo Osvaldo Barrera via aur-general wrote:
> On Sun, 3 Apr 2022, at 12:07, Ben Denhartog via aur-general wrote:
>> 2) Use a proper password manager to store your OTPURI and generate the tokens, as well as for storing your recovery codes. I'd recommend gopass if GPG, self management, and VCS sounds appealing, and 1Password if you'd rather have someone else handle the technicals.
>
> Storing the password and the TOTP secret in the same password manager moves both factors into the same store, kinda negating the point of using two-factor.
>
>> 3) WEB3 aims to provide such decentralized login based on some device you control as you are saying you want. Whether or not it replaces the current authentication model is another matter entirely.
>
> So, something like a Yubikey using WebAuthN/FIDO? This is not uncommon online, and very handy since the second factor is a fully-offline device which requires a physical tap to log in. I see keycloak DOES support this; maybe it's a matter of enabling it?

Our keycloak supports webauthn and TOTP and you can add multiple two factors. I myself have both my yubikeys (one backup) and phone configured (aegis). Keycloak is getting support for authentication codes which can be stored on paper (or encrypted usb stick). [1]

[1] https://github.com/keycloak/keycloak/discussions/8518