On 24 June 2024 at 19.21.02 GMT+03:00, DJ Delorie <d...@redhat.com> wrote:
>Kilian Hanich <khanich.opensou...@gmx.de> writes:
>> So, if we really don't count the password manager file because it can be
>> copied easily, one also cannot count the ones from apps since they
>> can also be easily replicated.
>
>I agree.  Hence "grudgingly accepted".

I wonder, as there seems to be significant variation on what different people 
consider true 2FA, should the policy also say something about the expectation 
on TOTP secret management? Or are we satisfied if proven packagers are able to 
generate TOTP by whatever means?

Personally, I have all my passwords AND all my TOTP in a single KeePassXC 
database that is replicated to devices where I need it. Previously, I had a 
separate app for TOTP, but I could not understand how having two databases with 
two passwords on my phone was increasing security, so I simplified. My 
understanding is that the only, but perhaps significant, gains here are that 
TOTP does not send its long-lived secret over the wire, and I cannot decide to 
reuse (a set of) secrets for more than one site. That is great, but not "multi 
factor", like this setup is usually called. Everything would be no less secure, 
and simpler for me, if I could just disable the traditional password for sites 
that accept TOTP.

I also have a hard time believing that there is a significant fraction of people 
who do not ever log into their important sites from their phone. So in my 
opinion the "your phone is your second factor" idea does not fly.
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org