allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Brondsema" <d...@brondsema.net>
Subject [allura:tickets] #8117 Implement core 2FA
Date Fri, 19 Aug 2016 19:55:28 GMT
Some nuances to consider:

Bitbucket requires 2FA resubmission to view/update settings, not just password reconfirmation.

Reconfiguration vs (re)adding a phone with the same key as before.

* GitHub says "You’re about to change your two-factor authentication device. This will invalidate
your current two-factor devices. This will not affect your recovery codes or fallback SMS
configuration. Those can be updated on the two-factor settings page."
* Bitbucket only lets you disable, then re-enable
* Dreamhost has separate options to view your key, vs regenerate.  I like this.

Many sites will show you the text form of the key, so you can enter it manually.  Not sure
if this is really needed for anyone?  Phones/apps without camera support?




---

** [tickets:#8117] Implement core 2FA**

**Status:** in-progress
**Milestone:** unreleased
**Labels:** security 
**Created:** Mon Aug 15, 2016 03:54 PM UTC by Dave Brondsema
**Last Updated:** Mon Aug 15, 2016 03:54 PM UTC
**Owner:** Dave Brondsema


This ticket is for the essential functionality for TOTP 2FA, separate tickets for other aspects

Some details at http://mail-archives.apache.org/mod_mbox/allura-dev/201608.mbox/%3C28c7a399-86c5-5d75-dde4-2ab54fe7b3e4%40brondsema.net%3E


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.
 Or, if this is a mailing list, you can unsubscribe from the mailing list.
Mime
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message