On Sat, Aug 24, 2013 at 10:05 AM, Tyler Romeo <tylerro...@gmail.com> wrote:
> On Sat, Aug 24, 2013 at 12:50 PM, Seb35 <seb35wikipe...@gmail.com> wrote: > > > An other solution is the use of one-time passwords [1] for high-security > > or https-unfriendly users (e.g. logging in) or actions (e.g. checkuser > > action). Such one-time passwords can be generated entirely on the client > > side (e.g. a program) or on an external device (e.g. SecurID [2]). This > > transfers the problem "unsecure password" to a problem "protection of the > > password generator" (e.g. with an offline password) and introduces the > key > > distribution problem (e.g. the physical device). > > > Would something like Extension:OATHAuth fit this purpose? > The OATH protocol, definitely. One piece I wasn't able to get into our Auth rework this summer was having 2-step login, so that we could require OATH for some people, but normal users wouldn't have to. But yeah, > > *-- * > *Tyler Romeo* > Stevens Institute of Technology, Class of 2016 > Major in Computer Science > www.whizkidztech.com | tylerro...@gmail.com > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l