2factor auth

Till Maas opensource at till.name
Wed Oct 19 15:04:31 UTC 2011


On Wed, Oct 19, 2011 at 07:18:34AM -0700, Toshio Kuratomi wrote:

> > As for "lost token", the idea would be that the admin would be able to
> > reset the user's login requirements to password or similar until a new
> > token can be mailed out. (Leaving it up to the admin to perform proper
> > verification that the token was actually lost vs. a social-engineering
> > attempt).
> 
> So we might want to allow some of that to be done without admin
> intervention.  As I say, we do not have the ability to do proper
> verification over the majority of our account holders.  With that in mind,
> we have two choices -- refuse them access, so they have to create a new
> account, or allow them to change their token with minimal verification.  If the
> latter, then there's no need for admins to be involved.

There are several ways to prove one's identity that can be used if the
token is lost. For example:

- access to a private SSH key
- access to a private key of a client SSL cert
  - might even be one issued by e.g. cacert
- access to a private gpg key
- access to text messages to a certain mobile number
- access to voice messages to a certain phone number
- ability to create a picture or video of oneself with a certain message
  included
- ability to meet with other Fedora account holders that verify an ID card
- ability to receive mail to a certain postal address
- ability to receive e-mail
- ability to receive payments via certain bank accounts
- ability to receive jabber messages

Depending on timing requirements and on the probability that certain methods
are also compromised when a token is compromised, a combination of methods or
only some of them might be used.

Kind regards
Till
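
The out-of-band channels in Till's list (e-mail, text message, jabber message,
voice message) all reduce to the same mechanism: send a short-lived random code
over a channel the account owner is known to control and accept a token reset
only after enough independent channels confirm. The following is an added
example of that flow written for this discussion; it is not code from the
Fedora account system or from anyone on the thread. The server secret, the
15-minute lifetime, the five-attempt limit and the "two channels required"
rule are assumptions chosen for illustration.

```python
"""Out-of-band recovery challenges for a lost 2-factor token.

Example code, not from the Fedora account system. The server stores only a
keyed hash of each code, so a leaked database does not expose outstanding
codes, and a reset is granted only once enough distinct channels confirm.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Assumed per-deployment secret; a real service loads it from configuration.
SERVER_KEY = secrets.token_bytes(32)

CODE_TTL_SECONDS = 15 * 60   # assumption: a code is valid for 15 minutes
MAX_ATTEMPTS = 5             # assumption: lock the challenge after 5 wrong guesses
CODE_DIGITS = 8


@dataclass
class Challenge:
    account: str
    channel: str             # e.g. "email", "sms", "jabber", "voice"
    code_hash: bytes
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS
    verified: bool = False


def _hash_code(account: str, channel: str, code: str) -> bytes:
    # Bind the hash to account and channel so a code sent over one channel
    # cannot be replayed against another account or channel.
    msg = f"{account}\0{channel}\0{code}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def issue_challenge(account: str, channel: str,
                    now: Optional[float] = None) -> Tuple[str, Challenge]:
    """Return (code, challenge): deliver `code` over `channel`, store `challenge`."""
    now = time.time() if now is None else now
    code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
    challenge = Challenge(account, channel,
                          _hash_code(account, channel, code),
                          now + CODE_TTL_SECONDS)
    return code, challenge


def verify_challenge(challenge: Challenge, submitted: str,
                     now: Optional[float] = None) -> bool:
    """Check a submitted code; each challenge can succeed at most once."""
    now = time.time() if now is None else now
    if challenge.verified or challenge.attempts_left <= 0 \
            or now > challenge.expires_at:
        return False
    challenge.attempts_left -= 1
    # Constant-time comparison of the keyed hashes.
    ok = hmac.compare_digest(
        _hash_code(challenge.account, challenge.channel, submitted),
        challenge.code_hash)
    if ok:
        challenge.verified = True
    return ok


def recovery_allowed(challenges: Iterable[Challenge], required: int = 2) -> bool:
    """Grant a token reset only once `required` distinct channels are confirmed."""
    confirmed = {c.channel for c in challenges if c.verified}
    return len(confirmed) >= required


if __name__ == "__main__":
    code, email_ch = issue_challenge("alice", "email")
    code2, sms_ch = issue_challenge("alice", "sms")
    # In practice the codes are sent out of band; here the user "receives" them.
    verify_challenge(email_ch, code)
    verify_challenge(sms_ch, code2)
    print("reset allowed:", recovery_allowed([email_ch, sms_ch]))
```

The key-based proofs in the list (SSH key, GPG key, client certificate) need a
different exchange: the server issues a random nonce and the user returns it
signed with the enrolled key, which the server verifies against the stored
public key. That is the same challenge-response shape with a signature in place
of the shared code, and it is the one to prefer where the account already has a
public key on file, since it does not depend on the security of a third-party
delivery channel.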

