Yubikey single-factor authentication disabled
Kevin Fenzi
kevin at scrye.com
Wed Mar 6 20:05:05 UTC 2013
On Wed, 6 Mar 2013 20:58:00 +0100
Andreas Bierfert <andreas.bierfert at lowlatency.de> wrote:
> Hi folks,
>
> anyone else seeing "Yubikey single-factor authentication has been
> disabled." when logging into fas or any other fas based services?
>
> I checked in fas and yubikey is enabled for my account (and has been
> for years). Test auth in fas works.
Yes, we disabled this and were not good about communicating that that
change went live with our last fedora account system update. ;(
We were meaning to change the error it outputs to go to a wiki page so
we could communicate the change there, but we have not had a chance to
push that change live to production.
Basically the reasons are:
1) allowing yubikeys as a 1 factor auth means that anyone who gains
access to your yubikey and who knows your fedora account system login
can do anything they like with your account.
2) It's confusing to some people because they think "Oh, I am using a
hardware device here, this must be 2 factor!" when it's not.
We are hoping to enable real 2 factor with our applications, but
haven't yet been able to do so. ;(
Sorry for the trouble
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130306/483e11bc/attachment-0001.sig>
More information about the devel
mailing list