Comments (6)
ceejbot
commented on June 1, 2024
2
Some feature requirements:
- no sms
- generate a scannable QR code for the terminal; also display the number for manual input
- require successful input of one code before enabling it
- generate 10 one-time-use recovery codes
- using a recovery code un-sets 2fa
I am fine with showing the recovery codes again on a web site, preferably after some kind of short-term privilege escalation action, like, say, entering a valid OTP.
from entropic.
chrisdickinson
commented on June 1, 2024
1
What I'd like to gain from Entropic-supported 2FA is the ability to prompt users for a second factor when taking sensitive actions, like publishing a package, inviting/removing folks from namespaces, or inviting/removing maintainers from packages. GitHub 2FA protects the initial sign-up process (& subsequent website sign-ins to generate tokens) but not app-specific actions.
from entropic.
nschonni
commented on June 1, 2024
1
I guess FIDO2 would only make sense for a web-registry login scenario https://fidoalliance.org/fido2/
from entropic.
aslilac
commented on June 1, 2024
Counter point: Github supports 2FA already. Is there a way we could check whether or not a GitHub user uses 2FA so that we can utilize that, rather than potentially having 3FA?
from entropic.
zacanger
commented on June 1, 2024
I don't think there's a way to tell if a user has 2FA enabled through the API, unless they're a member or collaborator on your org :\
from entropic.
DanielRuf
commented on June 1, 2024
OTP and SSS (Shamirs Secret Sharing) are also great solutions, especially to prevent the storage of full tokens.
from entropic.
Related Issues (20)
- Discourse Misconfigured Cert - Firefox HOT 2
- Two `docs/rfcs` directories HOT 2
- Follow Free Desktop Standards for config file HOT 2
- Protocol support for packfiles
- Build federation on top of ActivityPub
- Building a compromise-resilient registry with TUF and in-toto
- Link from CONTRIBUTING to setup documentation is dead HOT 1
- Consider using package-url HOT 3
- Take a look sideways at composer from PHP?
- ORAS - cooperation
- Add opencollective to funding.yml
- Add `deprecated` and `publishTime` information to packuments
- Design package signing system
- Add Code of Conduct to repo HOT 1
- Revisit the design of legacy packages HOT 2
- Can't install ds; install.sh is a 404 page HOT 2
- Link to "set up the project" in contribution docs leads to a 404
- https://entropic.dev returns a server message HOT 1
- Is this project dead? Just curious. HOT 7
- Dead project HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from entropic.