#stupidIdeaOfTheDay (based on one I found randomly on Reddit)
To avoid using static passwords + TOTPs (like Google Authenticator codes), have a dynamic single-factor authentication:
Sign the time (in blocks of 30 seconds, like with TOTPs) with your private key, so you have passwords valid for 30-90 seconds. Allow at most 10 attempts every 30 seconds. Obviously, the server checks for a valid signature with your registered public key.
For this, you can use an extension for your password manager as you are already doing to manage your static passwords + your TOTPs.
Similar to what YubiKey originally did. There are many weak points, like man-in-the-middle, phishing, and possible attacks over a known message, that were solved with WebAuthn, but it's a nice exercise to think about.
Disclaimer: Don't roll your own crypto
Disclaimer 2: Don't implement 1FA, if you can do 2FA or MFA =P
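As an added illustration of the scheme sketched above (not code from the original post), here is a minimal client/server pair in Go using the standard library's Ed25519. The post only fixes the 30-second blocks, the 10-attempts-per-block limit and public-key verification; everything else is an assumption made for the example: Ed25519 as the signature scheme, a domain-separation prefix on the signed bytes, accepting the neighbouring block on each side for clock skew (which is what gives a signature a lifetime of up to 90 seconds), and a per-account "highest block already accepted" marker so a captured password cannot be replayed inside its validity window. Counting the attempt before doing any verification is what keeps the rate limit meaningful.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

const (
	stepSeconds = 30 // block length, as in TOTP
	skewSteps   = 1  // also accept the block before and after (clock skew, network delay)
	maxAttempts = 10 // per user per block, as the post suggests
)

// Assumed domain-separation prefix: keeps the signed bytes from colliding with
// anything else the same key might sign in another protocol.
var domain = []byte("time-signature-login-v1:")

var (
	ErrUnknownUser = errors.New("unknown user")
	ErrRateLimited = errors.New("too many attempts in this block")
	ErrInvalid     = errors.New("signature not valid for any acceptable block")
	ErrReplayed    = errors.New("block already used for this account")
)

// timeBlock maps a wall-clock time to its 30-second block index.
func timeBlock(t time.Time) int64 { return t.Unix() / stepSeconds }

// blockMessage is the exact byte string that gets signed for a block.
func blockMessage(block int64) []byte {
	msg := make([]byte, len(domain)+8)
	copy(msg, domain)
	binary.BigEndian.PutUint64(msg[len(domain):], uint64(block))
	return msg
}

// MakePassword is the client side: the "password" is just the signature over
// the current block, produced by the key held in the password manager.
func MakePassword(priv ed25519.PrivateKey, now time.Time) []byte {
	return ed25519.Sign(priv, blockMessage(timeBlock(now)))
}

type account struct {
	pub       ed25519.PublicKey
	window    int64 // block the attempt counter refers to
	attempts  int
	lastBlock int64 // highest block already accepted; it and earlier blocks are spent
}

type Server struct{ accounts map[string]*account }

func NewServer() *Server { return &Server{accounts: map[string]*account{}} }

func (s *Server) Register(user string, pub ed25519.PublicKey) {
	s.accounts[user] = &account{pub: pub, lastBlock: -1}
}

// Login verifies a submitted signature. The attempt is counted before any
// verification work, so a flood of junk is throttled as well as real guesses.
func (s *Server) Login(user string, sig []byte, now time.Time) (bool, error) {
	acct, ok := s.accounts[user]
	if !ok {
		return false, ErrUnknownUser
	}
	cur := timeBlock(now)
	if acct.window != cur {
		acct.window, acct.attempts = cur, 0
	}
	if acct.attempts >= maxAttempts {
		return false, ErrRateLimited
	}
	acct.attempts++

	for d := int64(-skewSteps); d <= skewSteps; d++ {
		b := cur + d
		if !ed25519.Verify(acct.pub, blockMessage(b), sig) {
			continue
		}
		if b <= acct.lastBlock {
			return false, ErrReplayed // captured password reused inside its window
		}
		acct.lastBlock = b
		return true, nil
	}
	return false, ErrInvalid
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil rand means crypto/rand
	if err != nil {
		panic(err)
	}
	s := NewServer()
	s.Register("alice", pub)
	now := time.Now()
	pw := MakePassword(priv, now)
	ok, err := s.Login("alice", pw, now)
	fmt.Println("first use:", ok, err)
	ok, err = s.Login("alice", pw, now.Add(10*time.Second))
	fmt.Println("replay:", ok, err)
}
```

The replay marker is the same trick TOTP verifiers use ("never accept the same code twice"); it does nothing against a phished signature that is relayed in real time before the legitimate user logs in, which is the gap the post attributes to WebAuthn's origin binding.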
(#iko74mq) Well, the login technique for SSH is great and works (you have to protect your key, but *nix OS makes it in a safer way)
For web browsing you have client certificates or WebAuthn, which require a lot of configuration or external hardware, mostly difficult to use on a mobile device... 🤔
So, yeah, I'd like to find a good balance between easy to use and hacky