-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 12/08/18 17:47, Petr Bena wrote:
Right now there are only two options for two factor authentication:
- Don't use two-factor authentication (insecure) * Use two factor
authentication (annoying as hell)
Has any thought been given to supporting alternate methods of 2FA, such as the FIDO Universal Second Factor (U2F)?
These reduce the time taken to authenticate the second factor to a couple of seconds (plug in, press one button), versus the smartphone TOTP apps (unlock phone, open app, find right code in list, type it in).
I'm aware there's a cost to the tokens, and I'm not suggesting there be a requirement on them, just an optional alternate for those who either already own one or are willing to spend around £10.
GitHub and Google both support U2F as an alternate to TOTP, and either method can be used when the second factor is required.
Cheers,
Simon