On Fri, Aug 22, 2014 at 12:49:59PM -0600, Kevin Fenzi wrote:
> I think it would be nice to explore making our dist-git more secure.
Since access to dist-git (e.g. ssh keys) is managed via FAS, initially
FAS should require 2FA if you require 2FA for other services. This might
already be a problem
On Fri, 22 Aug 2014 12:17:52 +0200
Pierre-Yves Chibon wrote:
> Hi all,
>
> Xavier pointed me to this article this morning [1] about the
> kernel.org infrastructure now requiring 2-Factor Auth on the git of
> the kernel.
Yeah.
> We were wondering if this is something that would be worth
> cons
-factor-authentication
pgpepG6GL4YHQ.pgp
Description: PGP signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
On Fri, 6 Sep 2013 08:23:06 +0800
Christopher Meng wrote:
> Wow... that would be great. This is the most serious case we should
> care about.
>
> IMHO We should pretend to be "normal" when we meet such case like
> mailman subscribe, but I think we also should notify users when
> $(TIMES) times w
On 05/09/13 19:04, Kevin Fenzi wrote:
> On Thu, 05 Sep 2013 13:10:56 -0400 Ricky Elrod
> wrote:
>
>> On 09/05/2013 01:01 PM, Ian Weller wrote:
>>> On Thu, Sep 05, 2013 at 04:50:04PM +0200, Pierre-Yves Chibon
>>> wrote:
3) Ask for password, validate, then ask for 2 fa is set up
>>
>> +1, my
在 2013-9-6 AM3:25,"Tristan Santore" 写道:
> I have another idea. Could we not do a password check, and if the
> password is correct, provide the 2fa interface, if then a user does
> not enter the 2fa, an email is send to the actual user informing of a
> failed login attempt, with the date and time a
Dear all,
We are in the process of implementing 2 factor authentication in our web
application.
We already have some code written [1], reviewed and which seems to be fine from
a
code point of view, however there seems to be still some discussion as to the
approach we should take from a logic
On Thu, 5 Sep 2013 12:36:25 -0700
Toshio Kuratomi wrote:
> By another idea -- you mean unrelated, correct? If so, I'd think we
> might consider just sending email on any failed login attempt,
> password or 2fa.
>
> Successful password and failed 2fa would certainly be something to
> highlight m
On Thu, Sep 05, 2013 at 08:25:30PM +0100, Tristan Santore wrote:
> On 05/09/13 20:22, Toshio Kuratomi wrote:
> > On Thu, Sep 05, 2013 at 08:57:33PM +0200, Till Maas wrote:
> >> On Thu, Sep 05, 2013 at 12:01:35PM -0500, Ian Weller wrote:
> >>
> >>> This is the same for a form that asks for password
On 05/09/13 20:22, Toshio Kuratomi wrote:
> On Thu, Sep 05, 2013 at 08:57:33PM +0200, Till Maas wrote:
>> On Thu, Sep 05, 2013 at 12:01:35PM -0500, Ian Weller wrote:
>>
>>> This is the same for a form that asks for password + token
>>> code, but a simple password + token code field raises too many
On Thu, Sep 05, 2013 at 12:01:35PM -0500, Ian Weller wrote:
> This is the same for a form that asks for password + token code, but a
> simple password + token code field raises too many questions for someone
> who is logging in to an application and has no idea what a token code
> is.
IMHO it wou
On Thu, Sep 05, 2013 at 08:57:33PM +0200, Till Maas wrote:
> On Thu, Sep 05, 2013 at 12:01:35PM -0500, Ian Weller wrote:
>
> > This is the same for a form that asks for password + token code, but a
> > simple password + token code field raises too many questions for someone
> > who is logging in t
On Thu, 05 Sep 2013 13:10:56 -0400
Ricky Elrod wrote:
> On 09/05/2013 01:01 PM, Ian Weller wrote:
> > On Thu, Sep 05, 2013 at 04:50:04PM +0200, Pierre-Yves Chibon wrote:
> >> 3) Ask for password, validate, then ask for 2 fa is set up
>
> +1, my first instinct was this method as well, and yes it
On Thu, Sep 5, 2013 at 7:01 PM, Ian Weller wrote:
> On Thu, Sep 05, 2013 at 04:50:04PM +0200, Pierre-Yves Chibon wrote:
> > 3) Ask for password, validate, then ask for 2 fa is set up
> >
> > Login page:
> >
> > ___
> > |
On Thu, Sep 05, 2013 at 04:50:04PM +0200, Pierre-Yves Chibon wrote:
> 3) Ask for password, validate, then ask for 2 fa is set up
>
> Login page:
>
> ___
> | |
> | Login:
On 09/05/2013 01:01 PM, Ian Weller wrote:
> On Thu, Sep 05, 2013 at 04:50:04PM +0200, Pierre-Yves Chibon wrote:
>> 3) Ask for password, validate, then ask for 2 fa is set up
+1, my first instinct was this method as well, and yes it is something
that a lot of other sites with 2fa seem to be doing (
16 matches
Mail list logo