Sorry, I realise I wasn't very clear
This bit of code (call it /bin/rc/2fa for now) will reboot your computer
unless you type "letmein" at the "Password:" prompt
#!/bin/rc
fn sigint {
fshalt -r
}
fn readpw {
>[1]/dev/consctl {
echo -n rawon
pw = `{read /dev/cons}
}
}
echo -n Password:
readpw
if(~ $pw letmein) {
exec rio -i riostart
}
fshalt -r
So in your terminal section of lib/profile if you replace
rio -i riostart
with
exec /bin/rc/2fa
then it forces a password on boot in a terminal
The 2fa part I am planning is to use the Duo authenticator app to get a
passcode instead of letmein
On Fri, Jun 6, 2025 at 3:41 PM Frank D. Engel, Jr. <[email protected]>
wrote:
> 2FA is a great option for remote access, but it isn't really relevant to
> this scenario.
>
> A BIOS password doesn't help if someone takes the drive out of the
> machine and sticks it into another one that doesn't have that password.
>
> Security by obscurity is not a good plan.
>
>
> On 6/6/25 03:44, Maht Lawless via 9fans wrote:
> > Hi,
> >
> > I am working on 2FA to access your account on login, but it's a couple
> > of weeks away.
> >
> > But you could just enable a bios password if you worry about someone
> > just booting it up.
> >
> > Currently I rely on them seeing a grey screen and thinking the laptop is
> broken
> >
> >
> >
> > On Thu, Jun 5, 2025 at 10:41 PM Frank D. Engel, Jr. <[email protected]>
> wrote:
> >> The biggest issue I have with 9front or other Plan9 distribution on a
> laptop is the lack of local authentication upon startup; the OS just trusts
> that you are whoever you say you are when you boot the system. If the
> laptop were stolen or something there is nothing to keep someone from
> getting in and accessing all of the data.
> >>
> >> It is one thing to do that with a server that is locked in a secure
> closet (as was the expected situation for a Plan9 file server back when it
> was invented), but for an all-in-one portable system that is more of a
> problem.
> >>
> >> Has anyone come up with a solution for drive encryption and forced
> password authentication upon boot yet, to make it more practical to use 9
> directly on a laptop without creating as much of a concern?
> > ------------------------------------------
> > 9fans: 9fans
> > Permalink:
> https://9fans.topicbox.com/groups/9fans/T2fa5d9bbce09411d-M02070a23f0f9fb02ce3bf622
> > Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
------------------------------------------
9fans: 9fans
Permalink:
https://9fans.topicbox.com/groups/9fans/T2fa5d9bbce09411d-M2ce8d18143684231c7683868
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
