
Mailing List Archive
Re: [tlug] Subsidized FIDO U2F security keys
- Date: Tue, 17 Nov 2015 10:51:55 +0900
- From: Curt Sampson <cjs@example.com>
- Subject: Re: [tlug] Subsidized FIDO U2F security keys
- References: <560F693E.1000000@onjapan.net>
- User-agent: Mutt/1.5.21 (2010-09-15)
On 2015-10-03 14:35 +0900 (Sat), Jim Tittsler wrote:
> GitHub has recently gotten the 2 factor authentication religion.
While they have, you want to be very careful about what the GitHub folks
say when they talk about security. They are rather confused about what
two factor authentication is. For example, in a blog post[1] they refer
to TOTP as two-factor authentication[2], though TOTP is clearly no such
thing. (Google correctly refers to adding TOTP to standard password
authentication as "two-step" authentication.)
(TOTP is a shared password system where the password itself is
available to GitHub in cleartext form, and thus could be stolen via
a server compromise, unlike the passwords you use for their standard
authentication, which I am pretty sure are stored in well-designed
hashed format that currently nobody knows how to reverse.)
[1]: https://github.com/blog/1614-two-factor-authentication
[2]: https://help.github.com/articles/configuring-two-factor-authentication-via-a-totp-mobile-app
cjs
--
Curt Sampson <cjs@example.com> +81 90 7737 2974
To iterate is human, to recurse divine.
- L Peter Deutsch
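Editor's added example, not part of Curt's message nor GitHub's code: a minimal Python implementation of TOTP (RFC 6238, built on HOTP from RFC 4226) placed beside a salted password hash, to make the shared-secret point above concrete. The server-side verify routine has to recompute the code from the same raw secret the phone app holds, whereas password verification needs only the stored salt and digest. The 30-second step, the +/-1 step skew window and the PBKDF2 parameters are illustrative assumptions; the expected values in the comments are the SHA-1 test vectors published in RFC 6238 Appendix B (ASCII secret "12345678901234567890", 8 digits).

```python
import hashlib
import hmac
import os
import struct

# Added example (not code from the original post or from GitHub): a minimal
# TOTP client/server pair per RFC 4226 (HOTP) and RFC 6238 (TOTP), next to a
# salted password hash. Illustrative assumptions: 30-second time step,
# +/-1 step verification window, PBKDF2-HMAC-SHA256 with 200k iterations.


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    'dynamic truncation' to a 31-bit integer, reduced mod 10**digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, digits=6, step=30):
    """RFC 6238 TOTP: HOTP with the counter taken from the current time step.
    This is what the phone app computes from the enrolled secret."""
    return hotp(secret, unix_time // step, digits)


def totp_verify(secret, candidate, unix_time, digits=6, step=30, skew=1):
    """Server-side check. The server must hold the same raw `secret` the phone
    has, because verifying means recomputing the code, not hashing it.
    Neighbouring steps are accepted to tolerate clock drift; the comparison is
    constant-time so a timing side channel does not leak matching digits."""
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + d, digits), candidate)
        for d in range(-skew, skew + 1)
    )


def hash_password(password, salt=None, iterations=200_000):
    """Password storage for contrast: the server keeps only (salt, digest);
    the password itself is never persisted, so a database dump does not
    hand the attacker a working credential."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, stored_digest, iterations=200_000):
    """Check a login attempt using only the stored salt and digest."""
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(attempt, stored_digest)


if __name__ == "__main__":
    # RFC 6238 Appendix B test vector: ASCII secret, SHA-1, 8 digits.
    rfc_secret = b"12345678901234567890"
    print(totp(rfc_secret, 59, digits=8))  # 94287082

    # Enrolment: the server generates the raw secret, stores it, and hands
    # the phone a copy (normally as a base32 string in a QR code). Both sides
    # then compute the same code for the same time step.
    enrolled = os.urandom(20)
    now = 1447725115  # fixed "clock" so the demo is deterministic
    code = totp(enrolled, now)
    print(code, totp_verify(enrolled, code, now))  # prints the code and True

    # The password side: the server can verify without ever holding the password.
    salt, digest = hash_password("correct horse")
    print(verify_password("correct horse", salt, digest),  # True
          verify_password("wrong horse", salt, digest))    # False
```

The asymmetry the message is getting at is visible in the two verify functions: `totp_verify` cannot work unless the server's database contains the same secret the phone was enrolled with, while `verify_password` works from a salt and a one-way digest alone.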