can't the poll question be changed? s/google Authenticator/2-factor auth/
mentioning google skews perception ;)
On Wed, 2020-02-26 at 15:04 +0000, turbo@tilde.club wrote:
If 2FA gets switched on, it should either be optional, or there should be a strategy for account recovery (by previously set alt email e.g.). I've been definitely locked out of servers before because of OTP loss or even bugs in 2FA PAM - although that was quite a while ago.
February 26, 2020 8:09 AM, "fosslinux" fosslinux@aussies.space wrote:
On 26/2/20 4:45 am, deepend wrote:
Hey ~clubbers. I know some people are not fans of public key authentication. So here is a poll I’d like to see if we can improve things since password only auth will not be returning.
http://www.strawpoll.me/19445663
Look forward to the result :)
I am of the opinion that extra authentication methods are certainly viable and a great idea, but only if they do not come to the cost of security. 2FA + password is fine, IMO.
(Also everyone please note that it is not restricted to Google Autenticator... everything Google Authenticator can do can be done by other apps like Authy or Yubico Authenticator if you have a YubiKey).