[wplug-internet] Two-factor authentication

[Justin Smith]

I'm currently working with Joe to implement two-factor authentication via 
oath on Haiku's OpenSUSE servers. If you attended January's GUM, you'll 
recognize that this is the topic Pat presented on. I used his slides as a 
guide. (Thanks, Pat!)

Since I now understand how to install and configure oath, I'd be willing to 
set it up on WPLUG's VPS. We store people's personal information - their 
names, addresses, and so on - so I think the added security would be an 
asset.

This would require everyone with a user account to have a smartphone 
with a properly-configured OTP application in order to log in. However, we 
can make exceptions where appropriate. If John Doe doesn't own a 
smartphone, we can turn off two-factor authentication for his account.

Is this an idea worth pursuing? I'd be willing to set up oath and create a 
short tutorial.


*Justin Smith*
GNU/Linux System Administrator

/"Nothing in this world can take the place of persistence. Talent will not; 
nothing is more common than unsuccessful people with talent. Genius will 
not; unrewarded genius is almost a proverb. Education will not; the world is 
full of educated derelicts."/

/-Calvin Coolidge/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.wplug.org/pipermail/wplug-internet/attachments/20150210/6893ed8b/attachment.html>