Public bug reported:
I posted an issue at Google Code about this package:
https://github.com/google/google-authenticator/issues/514.
All the guides out there (e.g.:
http://www.howtogeek.com/208205/how-to-use-two-factor-authentication-on-your-linux-desktop-with-google-authenticator/
and
http://askubuntu.com/questions/193248/google-authenticator-for-desktop-lightdm-or-gdm-plugin)
lead to configurations that leave your system wide open for brute force
attacks on the first factor: the password. This is exactly what people expect
to be solved with this package.
A possible solution could be to rename this package, which will
invalidate all existing manuals, and to place a new and secure
instruction on the ubuntu channels for the new package name.
** Affects: google-authenticator (Ubuntu)
Importance: Undecided
Status: New
** Tags: brute-force google-authenticator
** Tags added: google-authenticator
** Tags added: brute-force
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1490905
Title:
all guides out there lead to configuration open to brute-force attacks
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/google-authenticator/+bug/1490905/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
