On 19/06/2026 09:50, Petr Pisar wrote:
If the policy wants to deliver that OTP is stronger than an SSH key, then the policy should mandate the OTP seed to be stored off the computer (in legal speak: "off the device you access Fedora Project services from").
When a service I rarely use requires a one-time password (OTP), I add it using KeePassXC and store its secret key in the same database along with the password. I use TOTP on a separate device only for my primary email and a few important accounts.
Does this increase security? I don't think so. -- Sincerely, Vitaly Zaitsev ([email protected]) -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
