[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Salsa update: no more "-guest" and more

On Sun, Apr 26, 2020 at 10:12:41AM -0700, Sean Whitton wrote:
> On Sun 26 Apr 2020 at 02:36PM +02, Mattia Rizzolo wrote:
> > On Sun, Apr 26, 2020 at 02:07:54PM +0200, Bernd Zeimetz wrote:
> >> There are even cli tools that do the same stuff. I'd guess there is at least one on Debian.
> > Indeed, after I first lost a phone, and a second one broke, leaving me
> > with a quite huge pain to recover my accounts, I started using
> > `oathtool` to manage the TOTP and HOTP codes, which is in Debian, and I
> > store the secret hash needed to generate the codes with `pass`.
> >
> > That said, for the only website where I need HOTP (Ubuntu SSO), I stored
> > that thing in the HOTP spot of my yubikey, and for everything else they
> > also support U2F so I likewise use my yubikey for those as well.
> In such a case, though, haven't you essentially turned it back into one
> factor authentication (the single factor being your laptop)?

It's still two factor: something I know (password) and something I have
(my yubikey).

Since I sometimes I don't really know my passwords, I suppose at that
point the "something I know" instead of being the actual password is the
GPG passphrase used to decrypt the file that actually contains the
password, but it's still 2fa.
Still I wouldn't consider that to be tied to my laptop (the password
storage does live in my laptop, but it's encrypted AND duplicated

                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
More about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-

Attachment: signature.asc
Description: PGP signature

Reply to: