On Thu, 01 Apr 2021, Kevin Fenzi wrote:
On Thu, Apr 01, 2021 at 01:50:40PM +0300, Alexander Bokovoy wrote:
This split of fields in FreeIPA Web UI exists since FreeIPA 4.0 which
was part of early RHEL 7 deliveries (the code for separate OTP field was
added in 2014).
There is nothing specific
On Thu, Apr 01, 2021 at 01:50:40PM +0300, Alexander Bokovoy wrote:
>
> This split of fields in FreeIPA Web UI exists since FreeIPA 4.0 which
> was part of early RHEL 7 deliveries (the code for separate OTP field was
> added in 2014).
>
> There is nothing specific about it -- Noggin developers
On Tue, 30 Mar 2021, Kevin Fenzi wrote:
On Tue, Mar 30, 2021 at 09:30:33AM +0300, Alexander Bokovoy wrote:
Could you please explain where you want to do it? Noggin (Fedora
Accounts app) does handle the login itself, not FreeIPA. In the context
of what Fedora contributors interact with,
On Tue, Mar 30, 2021 at 09:30:33AM +0300, Alexander Bokovoy wrote:
>
> Could you please explain where you want to do it? Noggin (Fedora
> Accounts app) does handle the login itself, not FreeIPA. In the context
> of what Fedora contributors interact with, FreeIPA is only directly
> exposed via
On Sat, Mar 27, 2021 at 10:56:32AM -0700, Kevin Fenzi wrote:
> On Sat, Mar 27, 2021 at 11:08:19AM +0100, Tomasz Torcz wrote:
> > >
> > > Notification via sms is... not too secure. ;(
> > > https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber
> >
> > I
On Mon, 29 Mar 2021, Kevin Fenzi wrote:
On Sat, Mar 27, 2021 at 11:02:58PM +0100, Björn Persson wrote:
Kevin Fenzi wrote:
> I'd like us to add security query/respond pairs.
Those can very easily weaken security, as the answers are often public
and easy for an attacker to look up, especially
On 3/29/21 6:02 PM, Kevin Fenzi wrote:
On Sat, Mar 27, 2021 at 11:02:58PM +0100, Björn Persson wrote:
Kevin Fenzi wrote:
I'd like us to add security query/respond pairs.
Those can very easily weaken security, as the answers are often public
and easy for an attacker to look up, especially
On Sat, Mar 27, 2021 at 11:02:58PM +0100, Björn Persson wrote:
> Kevin Fenzi wrote:
> > I'd like us to add security query/respond pairs.
>
> Those can very easily weaken security, as the answers are often public
> and easy for an attacker to look up, especially when there are only a
> few
stan via devel wrote:
> e.g. What is your favorite food? Jamaica.
Acceptable for human-to-human interaction, but falls quickly to a
dictionary attack if verification is automated.
> or What was your team's name in high school? 0126672651361
43 bits of entropy if all the digits are random;
On Sat, 27 Mar 2021 23:02:58 +0100
Björn Persson wrote:
> Kevin Fenzi wrote:
> > I'd like us to add security query/respond pairs.
> There's a limited supply of such personal secrets that I can be sure
> I'll remember, so I can't do that for too many sites. It also requires
> a not too public
Kevin Fenzi wrote:
> I'd like us to add security query/respond pairs.
Those can very easily weaken security, as the answers are often public
and easy for an attacker to look up, especially when there are only a
few predefined questions to choose from.
If I can enter my own question, then I can
Tomasz Torcz wrote:
> I meant push notification, when the message is sent through secure channel
> to your smart phone and you get popup asking for authorization.
The Swedish BankID cartel did that in their proprietary app, and thus
enabled an outbreak of fraud. Here's how it works:
1: The
On Sat, Mar 27, 2021 at 11:08:19AM +0100, Tomasz Torcz wrote:
> >
> > Notification via sms is... not too secure. ;(
> > https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber
>
> I didn't write SMS. SMS is terrible, it's the worst 2F channel nowadays.
> I meant
On Sat, Mar 27, 2021 at 12:38:45AM +0100, Björn Persson wrote:
> Christopher wrote:
> > * Unlike many other implementations, there is no backup code option
> > (GitHub, Google, others, provide 10 one-time use backup codes you can
> > use in case you don't have access to your authenticator app;
On Fri, Mar 26, 2021 at 01:47:08PM -0700, Kevin Fenzi wrote:
> On Fri, Mar 26, 2021 at 09:34:49PM +0100, Tomasz Torcz wrote:
> > On Fri, Mar 26, 2021 at 03:26:53PM -0500, Brandon Nielsen wrote:
> > > On 3/26/21 3:24 PM, Matthew Miller wrote:
> > > > On Fri, Mar 26, 2021 at 02:48:39PM
Christopher wrote:
> * Unlike many other implementations, there is no backup code option
> (GitHub, Google, others, provide 10 one-time use backup codes you can
> use in case you don't have access to your authenticator app; these can
> be regenerated after a successful login).
It seems that the
On Fri, 26 Mar 2021 at 16:47, Kevin Fenzi wrote:
> On Fri, Mar 26, 2021 at 09:34:49PM +0100, Tomasz Torcz wrote:
> > On Fri, Mar 26, 2021 at 03:26:53PM -0500, Brandon Nielsen wrote:
> > > On 3/26/21 3:24 PM, Matthew Miller wrote:
> > > > On Fri, Mar 26, 2021 at 02:48:39PM -0400,
On Fri, Mar 26, 2021 at 09:34:49PM +0100, Tomasz Torcz wrote:
> On Fri, Mar 26, 2021 at 03:26:53PM -0500, Brandon Nielsen wrote:
> > On 3/26/21 3:24 PM, Matthew Miller wrote:
> > > On Fri, Mar 26, 2021 at 02:48:39PM -0400, Christopher wrote:
> > [Snip]
> > > > * In many places, including
On 3/26/21 3:36 PM, Matthew Miller wrote:
On Fri, Mar 26, 2021 at 03:26:53PM -0500, Brandon Nielsen wrote:
This is pretty common in my experience; it seems like password managers
should support this pattern.
I can't say I have ever appended an OTP to a regular password, and I
use 2FA
On Fri, Mar 26, 2021 at 04:24:29PM -0400, Matthew Miller wrote:
> On Fri, Mar 26, 2021 at 02:48:39PM -0400, Christopher wrote:
> > The new accounts site is awesome. But, the 2FA system does seem to be
> > a bit annoying.
>
> Can you file this as a ticket at
>
On Fri, 26 Mar 2021 at 16:27, Brandon Nielsen wrote:
> On 3/26/21 3:24 PM, Matthew Miller wrote:
> > On Fri, Mar 26, 2021 at 02:48:39PM -0400, Christopher wrote:
> [Snip]
> >> * In many places, including accounts.fedoraproject.org, in order to
> >> log in, you have to append the OTP to your
On Fri, Mar 26, 2021 at 03:26:53PM -0500, Brandon Nielsen wrote:
> >This is pretty common in my experience; it seems like password managers
> >should support this pattern.
>
> I can't say I have ever appended an OTP to a regular password, and I
> use 2FA everywhere I can.
Maybe more so on the
On Fri, Mar 26, 2021 at 03:26:53PM -0500, Brandon Nielsen wrote:
> On 3/26/21 3:24 PM, Matthew Miller wrote:
> > On Fri, Mar 26, 2021 at 02:48:39PM -0400, Christopher wrote:
> [Snip]
> > > * In many places, including accounts.fedoraproject.org, in order to
> > > log in, you have to append
On 3/26/21 3:24 PM, Matthew Miller wrote:
On Fri, Mar 26, 2021 at 02:48:39PM -0400, Christopher wrote:
[Snip]
* In many places, including accounts.fedoraproject.org, in order to
log in, you have to append the OTP to your password, so it doesn't
really play nice with password managers.
This
On Fri, Mar 26, 2021 at 02:48:39PM -0400, Christopher wrote:
> The new accounts site is awesome. But, the 2FA system does seem to be
> a bit annoying.
Can you file this as a ticket at
https://pagure.io/fedora-infrastructure/issues? I got bitten by basically
all the same things, and I think we can
On Fri, Mar 26, 2021 at 03:53:39PM +0100, Vít Ondruch wrote:
> I have just tried https://accounts.fedoraproject.org/ and it is
> certainly welcome refresh.
>
> Congrats and thx to all involved.
+100!
Zbyszek
Hi All,
On Fri, Mar 26, 2021 at 2:15 PM Matthew Miller wrote:
>
> On Thu, Mar 25, 2021 at 10:55:40PM +, Aoife Moloney wrote:
> > I am beyond pleased to announce that the Fedora Accounts Team has reached
> > the point in our deployment that critical path services have been
> > configured to
The new accounts site is awesome. But, the 2FA system does seem to be
a bit annoying.
* It can't be disabled, so you can't try it out and later change your mind.
* Unlike many other implementations, there is no backup code option
(GitHub, Google, others, provide 10 one-time use backup codes you
On Thu, Mar 25, 2021 at 10:55:40PM +, Aoife Moloney wrote:
> I am beyond pleased to announce that the Fedora Accounts Team has reached
> the point in our deployment that critical path services have been
> configured to the new solution and end user impact should be little to
> none, so we are
On Fri, 2021-03-26 at 09:23 -0700, Michel Alexandre Salim wrote:
> On Thu, 2021-03-25 at 22:55 +, Aoife Moloney wrote:
> > Evening/Morning all,
> >
> > I am beyond pleased to announce that the Fedora Accounts Team has
> > reached the point in our deployment that critical path services have
>
On Thu, 2021-03-25 at 22:55 +, Aoife Moloney wrote:
> Evening/Morning all,
>
> I am beyond pleased to announce that the Fedora Accounts Team has
> reached the point in our deployment that critical path services have
> been configured to the new solution and end user impact should be
> little
On Thu, Mar 25, 2021 at 10:55:40PM +, Aoife Moloney wrote:
> Evening/Morning all,
>
> I am beyond pleased to announce that the Fedora Accounts Team has reached
> the point in our deployment that critical path services have been
> configured to the new solution and end user impact should be
Huge, huge thanks to everyone who worked on this; it was well communicated,
surprisingly non-disruptive given the scope and impact, and it works!
--
Gwyn Ciesla
she/her/hers
in your fear, seek only peace
in your fear, seek only love
-d. bowie
I have just tried https://accounts.fedoraproject.org/ and it is
certainly welcome refresh.
Congrats and thx to all involved.
Vít
On 25. 03. 21 at 23:55, Aoife Moloney wrote:
Evening/Morning all,
I am beyond pleased to announce that the Fedora Accounts Team has
reached the point in our
Evening/Morning all,
I am beyond pleased to announce that the Fedora Accounts Team has reached
the point in our deployment that critical path services have been
configured to the new solution and end user impact should be little to
none, so we are now officially out of outage!
For a while we