[wplug-internet] Two-factor authentication
Vance Kochenderfer
vance at happylemur.com
Wed Feb 11 01:35:16 EST 2015
You can use the GPL'd oathtool to generate OATH one-time passwords
<http://nongnu.org/oath-toolkit/oathtool.1.html>, or read the
specifications <http://www.openauthentication.org/specification> and
write your own implementation, so no proprietary software is needed.
For something more convenient, apparently the Yubikey also supports
OATH.

That said, I don't really see the additional benefit to adding this.
When implemented as a software solution, it's just an extra password
(something you know), albeit a possibly more difficult one for an
attacker to obtain depending on how the key is stored. It's only when
implemented as a hardware-based solution where the keys are not
available to the user and admin that it truly adds a second factor
(something you have).

I do appreciate the effort you're willing to put into this, Justin. If
you have additional points to put forward in favor, I'm all ears. It
does seem like it might be a good idea to consider requiring public keys
or other measures for certain accounts (e.g., members of the "board" or
"wheel" groups).

Vance Kochenderfer | "Get me out of these ropes and into a
vance at happylemur.com | good belt of Scotch" -Nick Danger