Some sites (e.g gitlab) require you to set up regular TOTP before adding a U2F 
hardware key.  Maybe because U2F isn't supported too broadly, so you need 
regular TOTP to log into non-Chrome browsers or shell services.  Bitbucket 
requires ssh keys first too.

Many sites let you name your U2F devices, since you can add multiple.  They may 
also record the date it was added.


---

** [tickets:#8119] U2F for multifactor auth**

**Status:** open
**Milestone:** unreleased
**Labels:** security 
**Created:** Mon Aug 15, 2016 03:56 PM UTC by Dave Brondsema
**Last Updated:** Mon Aug 15, 2016 03:56 PM UTC
**Owner:** nobody


As an additional 2FA option, implement support for U2F.  Some details at 
http://mail-archives.apache.org/mod_mbox/allura-dev/201608.mbox/%3C28c7a399-86c5-5d75-dde4-2ab54fe7b3e4%40brondsema.net%3E


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed 
to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at 
https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is 
a mailing list, you can unsubscribe from the mailing list.

Reply via email to