Summary of password strength discussion
Chris Murphy
lists at colorremedies.com
Fri Jul 24 16:48:14 UTC 2015
On Fri, Jul 24, 2015 at 10:27 AM, Matthew Miller
<mattdm at fedoraproject.org> wrote:
> On Fri, Jul 24, 2015 at 09:40:53AM -0600, Chris Murphy wrote:
>> > would it be reasonable to expect the sort of user that wants to use
>> > SSH to be able to set that up?
>> No. PKA is an esoteric skill, and you're confused by thinking it's a
>> basic one.
>
> We could set up two-factor authentication with FreeOTP.
> Have the dialog provide a QR code for
>
> a) https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=en
> https://itunes.apple.com/us/app/freeotp-authenticator/id872559395?mt=8
>
> and then also a token. Leave the users' password as six letters or
> whatever, but also require this for SSH.
>
> Still a little esoteric, but provisioning is easier, and people are
> getting more used to it in general, hopefully. And as a bonus, this
> jumps us up to level 3 identity assurance, I believe.
OK, but still not by default. Not everyone has a smart phone. And mine
runs into this FreeOTP bug:
https://fedorahosted.org/freeotp/ticket/52
This stuff has to be opt in, not opt out.
Chris Murphy
More information about the desktop
mailing list