Re: Authenticator apps

To: debian-user@lists.debian.org, Mick Ab <recoverymail123890@gmail.com>, Michael Kjörling <c9bc136c6063@ewoof.net>
Subject: Re: Authenticator apps
From: Jeffrey Walton <noloader@gmail.com>
Date: Tue, 6 Aug 2024 07:52:46 -0400
Message-id: <[🔎] CAH8yC8=pfOx8H2C_vh1a4WNg6BLF+OFJh+aQKx+skNZ6CfyCiw@mail.gmail.com>
Reply-to: noloader@gmail.com
In-reply-to: <[🔎] a10997cd-2d4d-483b-8ee4-2813c98d352b@osnanet.de>
References: <[🔎] CAJrFWkfH2E8E2A6s953rTb5q7J_63Ph_YG=3jQBRdbfFX1BfTg@mail.gmail.com> <[🔎] v8oq1m$f7q$1@ciao.gmane.io> <[🔎] 1a76068b9b1bb8798b1497e73d40dbb9@mxcloud.eu.org> <[🔎] 570c58c1-faf3-4330-bc74-2813f23ccfd6@home.arpa> <[🔎] a10997cd-2d4d-483b-8ee4-2813c98d352b@osnanet.de>

On Tue, Aug 6, 2024 at 4:25 AM Kevin Price <kp@osnanet.de> wrote:
>
> [...]
>
> 2FA is intended to raise the bar of stealing your login from just one
> leaked known secret (username/passphrase) to two _strictly_ separate
> bars. The latter must not be yet another secret, but might be physical
> custody of some given device. In that way, a merely leaked passphrase
> won't give immediate access to your login, neither would that device, if
> only that was stolen.

The three security properties of a second factor are:

   1. entropy
   2. replay resistance
   3. phishing resistance

Jeff

Reply to:

References:
- Authenticator apps
  - From: Mick Ab <recoverymail123890@gmail.com>
- Re: Authenticator apps
  - From: didier gaumet <didier.gaumet@gmail.com>
- Re: Authenticator apps
  - From: Wesley <wesley@mxcloud.eu.org>
- Re: Authenticator apps
  - From: Michael Kjörling <c9bc136c6063@ewoof.net>
- Re: Authenticator apps
  - From: Kevin Price <kp@osnanet.de>

Prev by Date: Re: iptables to nftables?
Next by Date: Re: iptables to nftables?
Previous by thread: Re: Authenticator apps
Next by thread: Re: Authenticator apps
Index(es):
- Date
- Thread