Google
  Web www.spinics.net

Re: 2factor auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Mon, 2011-10-17 at 20:26 -0500, Jeffrey Ollie wrote:
> On Mon, Oct 17, 2011 at 5:54 PM, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> >
> > On the other hand google-authenticator doesn't have any server ability
> > yet. ;(
> 
> I didn't think that google-authenticator needed a server to do the
> authentication - you just need the app on your phone and some
> configuration on the system that you want to access.
> 

which is the crux of the problem - and one I think I outlined - b/c the
otp secrets are unencrypted and required on every server - they present
a security risk in the lay out google-authenticator requires.

Think of the otp secret like a password that needs to be in plaintext on
every system and you can see why it is scary to have like that.

-sv




_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure


[Home]     [Fedora Users]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Red Hat 9 Bible]     [Fedora Bible]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]

Powered by Linux

Google
  Web www.spinics.net