Roger Marquis wrote: > > In my case, no page is involved, just the FreeOTP app on my Android > > phone (which is less convenient than a sheet of paper with OPIE > > passwords, but I can live with that). > > FreeOTP and FreeOTP+ are IMO the best OTP apps out there. They require > no privacy invading "push" notifications and are open source.
Would you rely on security/pam_google_authenticator+FreeOTP as the *single* authentication for ssh (not as an extra authentication factor)? In other words, as a "sufficient" PAM module? > Just wish > more sites would publish numeric codes instead of gimmicky QR codes. Oh, I love the QR codes google-authenticator generates in character-based terminals. Very stylish, and convenient to scan with the FreeOTP app. Do you know if there is a FreeOTP generator for the FreeBSD console, like /usr/bin/otp-md5 ? > > That said there are still plenty of us who also use OPIE. The passcodes > are a solid T/HOTP fallback, aren't subject to seizure by border agents > having a bad day, can be easily copied and stored on paper and have zero > dependencies on 3rd parties. > > That's not to say that OPIE should be kept in base though. There's > already way too much unused legacy cruft in FreeBSD base. Ports are the > right tool for that job. Is there a way to keep some software in ports, if the original project is dead? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature