Michael Catanzaro wrote:
> On Thu, Apr 7 2022 at 12:30:42 PM -0400, Stephen Gallagher 
> <sgall...@redhat.com> wrote:
> > Well, it *could* grow an interface to some of the password wallet
> > services that support TOTP or HOTP codes (like Bitwarden, Lastpass,
> > 1password, etc.) and configure it to query that service and append the
> > code to the password. It doesn't help if you want/need a physical
> > token, though.  
> 
> Good idea. Of course we'd probably want to use GNOME Keyring for this 
> (which does not currently support third-party services, but could in 
> the future). I suppose gnome-online-accounts would only need to store 
> the TOTP/HOTP seed and some config data.

This sounds like you would store the password and the TOTP seed
together in the same keyring. That's rather pointless. If you store two
secrets together, then they are effectively a single secret, and the
TOTP just adds an unnecessary step to the authentication protocol. It's
better to generate a long random key for your "password", store that in
your keyring, and not bother with TOTP.

Two-factor authentication is when you have two secrets stored in two
different storage media, for example one in Gnome Keyring and the
other in a Yubikey.

If the keyring is encrypted with a master passphrase, then that's also
two-factor authentication. The encrypted key stored in the keyring is
one factor, and the master passphrase stored in the user's brain is the
other factor. In that case a TOTP seed stored in a Yubikey becomes a
third factor.

Björn Persson


_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org