All,
On 12/14/21 14:25, Arnaud Le Hors wrote:
I work with the Developer Best Practices Working Group of the
Linux Foundation's Open Source Security Foundation (OpenSSF)
>
> [snip]
>
We'd like to give your project *free* MFA hardware tokens from Google
and GitHub, for use by your maintainers.
Any particular reasons why TOTP won't work just as well and not generate
electronic waste?
Also no-cost and provides the same benefits as hardware tokens. And
doesn't suffer from things like [1].
-chris
[1]
https://www.theverge.com/2019/5/15/18625028/google-titan-security-keys-bluetooth-vulnerability-replacement-free