Vincent Sherwood created GUACAMOLE-1689:
-------------------------------------------
Summary: TOTP - add property to remove (username) from Authenticator setup
Key: GUACAMOLE-1689
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1689
Project: Guacamole
Issue Type: Improvement
Components: guacamole-auth-totp
Affects Versions: 1.4.0
Reporter: Vincent Sherwood
When enrolling a user for TOTP, the barcode uses the text from the configured
totp-issuer (or the default "Apache Guacamole") and appends " (username)" when
creating the new entry in the Authenticator App. For example:
totp-issuer DevTest
{quote}DevTest (bloggs_joe)
123456
{quote}
This leaks valuable information (their username for the system) to anyone who
might catch sight of a user's authenticator.
For security-conscious users it would be good to add an option in the config
file to hide the username:
# totp-hideuser - Flag to hide username from generated authenticator entry. Set value to 1 to hide the username. (Default 0)
totp-issuer DevTest
totp-hideuser 1
{quote}DevTest
123456
{quote}
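
The enrollment barcode described above carries an otpauth:// key URI, so the username exposure can be checked on that URI directly. The following is an added example, not Guacamole's code: the hide_user argument models the proposed totp-hideuser flag, the "Issuer (account)" rendering is modelled on the entry quoted in the issue, and the secret is a constructed sample value.

```python
from urllib.parse import quote, unquote, urlsplit, parse_qs

SAMPLE_SECRET = "JBSWY3DPEHPK3PXP"  # constructed sample Base32 secret


def build_enrollment_uri(issuer, username, secret_b32, hide_user=False):
    """Build the otpauth:// key URI that an enrollment QR code encodes.

    hide_user is a hypothetical stand-in for the proposed totp-hideuser flag:
    when set, the label carries the issuer only.
    """
    label = quote(issuer, safe="")
    if not hide_user:
        label += ":" + quote(username, safe="")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer, safe='')}"


def parse_enrollment_uri(uri):
    """Return (issuer, account, params) from a TOTP key URI."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP key URI")
    label = unquote(parts.path.lstrip("/"))
    prefix, sep, account = label.partition(":")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    issuer = params.get("issuer") or (prefix if sep else "")
    if not sep:
        # Label without "issuer:" prefix: it is an account name unless it
        # merely repeats the issuer.
        account = "" if label == issuer else label
    return issuer, account.strip(), params


def displayed_entry(uri):
    """Assumed authenticator rendering: 'Issuer (account)' or just 'Issuer'."""
    issuer, account, _ = parse_enrollment_uri(uri)
    return f"{issuer} ({account})" if account else issuer


def username_exposure(uri, username):
    """List the URI fields (label or query parameters) that contain the username."""
    _, account, params = parse_enrollment_uri(uri)
    fields = {"label": account, **params}
    needle = username.lower()
    return sorted(name for name, value in fields.items() if needle in value.lower())


if __name__ == "__main__":
    for hide in (False, True):
        uri = build_enrollment_uri("DevTest", "bloggs_joe", SAMPLE_SECRET, hide)
        print(displayed_entry(uri), username_exposure(uri, "bloggs_joe"))
```

The exposure check looks at every field of the URI, not only the label, so it also catches a username that ends up in a query parameter.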