Yeah I wrote some code that got U2F support working through inside the
OATHAuth extension, though I don't think it ever got to Gerrit.
On Tue, 14 Aug 2018, 10:31 Simon Walker, <simon(a)stwalkerster.co.uk> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 12/08/18 17:47, Petr Bena wrote:
Right now there are only two options for two
factor
authentication:
* Don't use two-factor authentication (insecure) * Use two factor
authentication (annoying as hell)
Has any thought been given to supporting alternate methods of 2FA,
such as the FIDO Universal Second Factor (U2F)?
These reduce the time taken to authenticate the second factor to a
couple of seconds (plug in, press one button), versus the smartphone
TOTP apps (unlock phone, open app, find right code in list, type it in).
I'm aware there's a cost to the tokens, and I'm not suggesting there
be a requirement on them, just an optional alternate for those who
either already own one or are willing to spend around £10.
GitHub and Google both support U2F as an alternate to TOTP, and either
method can be used when the second factor is required.
Cheers,
Simon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJbcqFdAAoJELPtp5HPJmI8+gYH/0LPkSS9Uz+yI5Cj5MdbKBR+
OKesFIbFnNWR6DmBC8CteIItuCqAlopDQ4+GhTpcp3LTIDFE+tIJuDJWpX1l+Smg
GW0MQ6fj8ZUXETaFZeuEYKVBM6eD1t9c349H6Lv9zJEIUkvHlKq5rOgDijzMiVQa
aYNBzOrFovdFgbRqh6BfJqNnZJ1CH5cZcAANndzBuv3AzGel/iTxSHzZ36ypmXAu
wvbc8pJ9hWbVPPUwX8RIOmYKTUsfmLCzgySJMyMnkUJgRWB0h2ox1U3bszUZQzvD
uLUZMR8Hv6/oIB6fHr6NWbMDVCg13a10pHNak7fSrlE7h1WKIOwe12Ixw8muYJQ=
=y0jr
-----END PGP SIGNATURE-----
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l