2 factor authentication

Tristan Santore tristan.santore at internexusconnect.net
Thu Sep 5 19:25:30 UTC 2013


On 05/09/13 20:22, Toshio Kuratomi wrote:
> On Thu, Sep 05, 2013 at 08:57:33PM +0200, Till Maas wrote:
>> On Thu, Sep 05, 2013 at 12:01:35PM -0500, Ian Weller wrote:
>> 
>>> This is the same for a form that asks for password + token
>>> code, but a simple password + token code field raises too many
>>> questions for someone who is logging in to an application and
>>> has no idea what a token code is.
>> 
>> IMHO it would be nice if the password field can be used to enter
>> both password and token code at once to make login less annoying
>> for 2fa users and therefore more likely that it is used.
>> 
> At least on the backend that will need to be supported.  There are
> cases where we'll want to run applications that we don't write
> ourselves that only have a single field for password.  For those
> situations, the backend will have to be able to handle parsing a
> single password field for a combined password+2fa.
> 
> I don't know if that needs to be expressed on the frontend but if
> it's useful we might as well.
> 
> -Toshio
> 
I have another idea. Could we not do a password check, and if the
password is correct, provide the 2fa interface? If a user then does
not enter the 2fa, an email is sent to the actual user informing of a
failed login attempt, with the date and time and maybe IP?

Does this sound more secure to anyone else?

Regards,

Tristan

-- 

Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
TSantore at fedoraproject.org
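
Added example, not part of the original thread and not Fedora's code: a backend check for the single combined password+2fa field discussed above, which also raises the owner notification proposed in this message when the password is right but the code is missing or wrong. It assumes the code is a 6-digit TOTP appended to the password; `check_combined` and the `notify` hook are hypothetical names.

```python
import hashlib, hmac, struct
from enum import Enum

TOKEN_DIGITS = 6  # assumption: the 2FA code is a fixed-length TOTP appended to the password

class Result(Enum):
    OK = "ok"
    BAD_PASSWORD = "bad_password"
    SECOND_FACTOR_FAILED = "second_factor_failed"  # password right, code missing or wrong

def totp(secret: bytes, now: float, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (current time step only, no replay tracking)."""
    digest = hmac.new(secret, struct.pack(">Q", int(now // step)), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** TOKEN_DIGITS).zfill(TOKEN_DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def password_ok(candidate: str, salt: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(hash_password(candidate, salt), stored)

def check_combined(field, salt, stored, secret, now, ip, notify) -> Result:
    """Validate one field holding password + code; notify(event) is a hypothetical mail hook."""
    # Split from the right: the password may itself end in digits, so only the
    # fixed-length tail can be treated as the code.
    password, code = field[:-TOKEN_DIGITS], field[-TOKEN_DIGITS:]
    if password_ok(password, salt, stored):
        if hmac.compare_digest(code.encode(), totp(secret, now).encode()):
            return Result.OK
    elif not password_ok(field, salt, stored):  # not the bare password either
        return Result.BAD_PASSWORD
    # Password was correct but the code was wrong or absent: tell the account owner.
    notify({"event": "second factor failed", "time": now, "ip": ip})
    return Result.SECOND_FACTOR_FAILED

if __name__ == "__main__":
    # Constructed sample data: RFC 6238 test secret, made-up password and salt.
    salt, secret, sent = b"constructed-salt", b"12345678901234567890", []
    stored = hash_password("hunter123456", salt)
    for attempt in ("hunter123456287082", "hunter123456", "wrong287082"):
        print(attempt, check_combined(attempt, salt, stored, secret, 59, "192.0.2.10", sent.append))
    print("notifications:", sent)
```

The login response shown to the client should be the same for both failure results, so that only the account owner's mailbox learns that the password was correct.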

