Il 24/06/24 03:42, Kevin Fenzi ha scritto:
> You can enroll as many tokens as you like, so you can enroll one in a
> backup device or system in case you loose your primary token. You only
> need any one otp to login. Things like keepassxc and bitwarden allow you
> to setup OTPs these days.
>
> kevin
IMO, having the token stored in your password manager means going from 2FA to
1FA effectively ;-) if someone gets access to your password manager vault, all
accounts will be compromised.
That said, even if the token is stored in the password manager, it is not cushy
to be used with kerberos. I have been using 2FA for over a year now and I get
used to, but it's clumsy to use it in Fedora infrastructure. I'd really like if
we can move everything related to 2FA to use a yubikey or something like that,
so that users could just authenticate by having their key inserted in a USB
port.
Mattia
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
