Yeah I wrote some code that got U2F support working through inside the OATHAuth extension, though I don't think it ever got to Gerrit.
On Tue, 14 Aug 2018, 10:31 Simon Walker, simon@stwalkerster.co.uk wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 12/08/18 17:47, Petr Bena wrote:
Right now there are only two options for two factor authentication:
- Don't use two-factor authentication (insecure) * Use two factor
authentication (annoying as hell)
Has any thought been given to supporting alternate methods of 2FA, such as the FIDO Universal Second Factor (U2F)?
These reduce the time taken to authenticate the second factor to a couple of seconds (plug in, press one button), versus the smartphone TOTP apps (unlock phone, open app, find right code in list, type it in).
I'm aware there's a cost to the tokens, and I'm not suggesting there be a requirement on them, just an optional alternate for those who either already own one or are willing to spend around £10.
GitHub and Google both support U2F as an alternate to TOTP, and either method can be used when the second factor is required.
Cheers,
Simon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQEcBAEBCAAGBQJbcqFdAAoJELPtp5HPJmI8+gYH/0LPkSS9Uz+yI5Cj5MdbKBR+ OKesFIbFnNWR6DmBC8CteIItuCqAlopDQ4+GhTpcp3LTIDFE+tIJuDJWpX1l+Smg GW0MQ6fj8ZUXETaFZeuEYKVBM6eD1t9c349H6Lv9zJEIUkvHlKq5rOgDijzMiVQa aYNBzOrFovdFgbRqh6BfJqNnZJ1CH5cZcAANndzBuv3AzGel/iTxSHzZ36ypmXAu wvbc8pJ9hWbVPPUwX8RIOmYKTUsfmLCzgySJMyMnkUJgRWB0h2ox1U3bszUZQzvD uLUZMR8Hv6/oIB6fHr6NWbMDVCg13a10pHNak7fSrlE7h1WKIOwe12Ixw8muYJQ= =y0jr -----END PGP SIGNATURE-----
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l