On 19/06/2026 09:50, Petr Pisar wrote:
If the policy wants to deliver that OTP is stronger than an SSH key, then the
policy should mandate the OTP seed to be stored off the computer (in legal
speak: "off the device you access Fedora Project services from").

When a service I rarely use requires a one-time password (OTP), I add it using KeePassXC and store its secret key in the same database along with the password. I use TOTP on a separate device only for my primary email and a few important accounts.

Does this increase security? I don't think so.

--
Sincerely,
  Vitaly Zaitsev ([email protected])
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to