On 24/06/2024 15:27, Michael J Gruber wrote:
Or else, all cloneable OTP apps would need to be disallowed as 2nd factors, and only physical tokens should count.
FIDO2 is even worse than OTP since most (or even all) implementations are proprietary (for example, Android requires proprietary GMS to function as a FIDO2 provider) or require the user to purchase a hardware token (most are proprietary black boxes too).
-- Sincerely, Vitaly Zaitsev (vit...@easycoding.org) -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue