DevSecOps-MaturityModel

Re-assess the security of TOTP vs other mechanisms

Open ioggstream opened this issue 2 years ago • 2 comments

Task

  • reassess the security of TOTP vs other mechanisms like security keys

ioggstream, Oct 12 '22 09:10

Hi @ioggstream! Currently, the following is listed for 2FA:

- $ref: src/assets/YAML/default/implementations.yaml#/implementations/smartcard
- $ref: src/assets/YAML/default/implementations.yaml#/implementations/yubikey
- $ref: src/assets/YAML/default/implementations.yaml#/implementations/sms
- $ref: src/assets/YAML/default/implementations.yaml#/implementations/totp

What else would you add, FIDO2?

wurstbrot, Oct 12 '22 10:10

@wurstbrot My 2¢

Google recently gifted Python package maintainers ~4000 couples of secure keys for the above reasons.

FIDO2

Current devices, including yubikey, support multiple protocols, e.g. U2F, FIDO2, so not sure whether we need to add more (e.g. you'll check yubikey if you have another one).

ioggstream, Oct 18 '22 17:10

This issue has been automatically marked as stale because it has not had recent activity. :calendar: It will be closed automatically in one week if no further activity occurs.

github-actions[bot], Jul 21 '24 02:07

This issue was closed because it has been stalled for 7 days with no activity.

github-actions[bot], Jul 28 '24 02:07