On Sun, Apr 26, 2020 at 12:31:42AM +0200, Gard Spreemann wrote: > > Bernd Zeimetz <bernd@bzed.de> writes: > > Actually I think 2FA should be enforced for everybody. > > Even debian.org related passwords might get lost. > > Right, but what's the threat model here? For some of us, losing the > Salsa password is essentially only possible if we have had our PGP > dongle or offline private key backup compromised. Actually, there's a good reason I enable two-factor everywhere despite using a password manager. Password auth submits the same secret over the network on every login, whereas TOTP is based on a pre shared key, so an attacker needs to intercept that initial sharing or phish the OTP. It's probably a minor concern and over the top, but with the ease of use of pass-otp in debian or andOTP in f-droid, why not? I think I've talked myself out of suggesting requiring 2FA on Salsa, but if it's possible to have it by default (opt-out vs opt-in) then that'd be great.
Attachment:
signature.asc
Description: PGP signature