Re: 2FA (was: Preventing account takeovers through expired domains)
Also it's possible to use gopass which is able to store the OTP seed secured by GPG and keep the GPG keys on a Yubikey to ensure their safety.

Best,
Fale

On Mon, Feb 21, 2022, at 11:03, Björn Persson wrote:
> Adam Williamson wrote:
> > However, it supports Google Authenticator-style OTPs. Folks
> > with infra privileges on their accounts (like me) are already required
> > to use these. It works fine. I preferred being able to use a yubikey so
> > I don't always have to open an app on my phone and retype a six digit
> > code when I need to log in to something, but that's just a minor
> > annoyance.
>
> You can produce compatible OTPs with a yubikey if you want. Install
> yubioath-desktop. You open an app on your workstation/laptop instead of
> on the phone, and paste from the clipboard instead of retyping. (Still
> not as good as U2F of course.)
>
> Björn Persson

--
Fabio Alessandro Locati
fale.io
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
2FA (was: Preventing account takeovers through expired domains)
Adam Williamson wrote:
> However, it supports Google Authenticator-style OTPs. Folks
> with infra privileges on their accounts (like me) are already required
> to use these. It works fine. I preferred being able to use a yubikey so
> I don't always have to open an app on my phone and retype a six digit
> code when I need to log in to something, but that's just a minor
> annoyance.

You can produce compatible OTPs with a yubikey if you want. Install yubioath-desktop. You open an app on your workstation/laptop instead of on the phone, and paste from the clipboard instead of retyping. (Still not as good as U2F of course.)

Björn Persson
2FA (was: Preventing account takeovers through expired domains)
Demi Marie Obenour wrote:
> Security keys are the only form of 2fa that is immune to
> phishing attacks.

U2F and FIDO2 are said to be immune to phishing. HOTP, TOTP and various proprietary challenge-response protocols are not immune.

Björn Persson
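
Added example, not part of the original thread or any poster's code: a Python sketch of the distinction drawn in the last message. The TOTP check (RFC 4226 / RFC 6238) takes no input naming the site where the code was typed, while an origin-bound assertion of the U2F/FIDO2 kind does. The HMAC used as a stand-in for the authenticator's public-key signature, the key, the challenge and both origins are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter taken from the clock."""
    return hotp(secret, unix_time // step, digits)

def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Server-side check. Its inputs are secret, clock and digits: nothing
    identifies the site where the user typed the code."""
    now = unix_time // step
    counters = range(max(0, now - window), now + window + 1)
    return any(hmac.compare_digest(hotp(secret, c), code) for c in counters)

def sign_assertion(key: bytes, challenge: str, origin: str) -> tuple[bytes, bytes]:
    """Simplified authenticator: signs client data that includes the origin
    the browser reports. HMAC is a stand-in for the public-key signature."""
    client_data = json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True).encode()
    return client_data, hmac.new(key, client_data, hashlib.sha256).digest()

def verify_assertion(key, client_data, signature, challenge, expected_origin) -> bool:
    """Relying-party check: signature, fresh challenge and origin must all match."""
    expected = hmac.new(key, client_data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False
    data = json.loads(client_data)
    return data.get("challenge") == challenge and data.get("origin") == expected_origin

# Constructed sample values (the secret is the RFC 6238 test key).
SECRET = b"12345678901234567890"
KEY = b"constructed-demo-credential-key"
RP_ORIGIN = "https://accounts.example"
OTHER_ORIGIN = "https://accounts.example.login.test"

if __name__ == "__main__":
    print("TOTP at t=59:", totp(SECRET, 59))
    print("TOTP accepted:", verify_totp(SECRET, totp(SECRET, 59), 59))
    for origin in (RP_ORIGIN, OTHER_ORIGIN):
        cd, sig = sign_assertion(KEY, "c-001", origin)
        print(origin, "->", verify_assertion(KEY, cd, sig, "c-001", RP_ORIGIN))
```

The TOTP verifier accepts any correct code inside its time window, whereas the assertion signed for the second origin fails the relying party's origin comparison even though its signature is valid.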