Am Fri, 03 Oct 2014 08:31:36 -0400
schrieb Nathaniel McCallum <npmccallum(a)redhat.com>:
In any case, shared accounts should always be discouraged.
Agreed, but there are also other usescases: I have shared my
secrets/tokens on multiple (own) devices. I did that by copying the
code, but using a qr-code would have worked as well. In the case of
FreeOTP I think you cannot see/copy the code (which is good for
confidentiality but bad for availability).
However I think the risk that somebody quickly steals a code with this
function is enough to avoid it. (Maybe when a PIN is required it is
fine).
Gruss
Bernd