Well, when trying to waltz a 2FA'd GitHub account you get pretty much nothing.
Now we have 2 options. Either set up Waltz as a 2FA device, either by posing as a U2F device or by re-setting up the 2FA application so that Waltz can also get the 2FA seed.
But in my opinion this option decreases security because everything is stored in the same place.
It may be true that Waltz is probably some kind of 2FA-based system, but the problem is even if you make the way to the key 2FA, somebody could crack the database, especially in post-quantum where the effective security gets halved, which has QUITE an impact on the security of the database.
And then you essentially get a 2 sided 1 factor system because the same thing (the password) is stored in 2 factors (1 your knowledge 2 the database), which makes the attack vector quite a bit wider.
Those people can turn off 2FA because that's NOT how you use it.
And then we have option 2, the one which sounds a lot better to me:
display the part of the page with the 2FA options (div id login) and ask for the code.
This would be the best answer in my opinion.
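Added example, not part of the original issue and not Waltz code: a minimal RFC 6238 TOTP computation showing why the storage location of the seed matters in the two options above. The vault and device dictionaries are constructed, hypothetical records (the seed is the RFC 6238 test seed), and `secrets_in_vault` is an illustrative helper.

```python
import hashlib
import hmac
import struct


def totp(seed: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code depends only on seed and clock."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# Constructed record for option 1: password and 2FA seed stored side by side.
VAULT_OPTION_1 = {
    "password": "constructed-example-password",
    "totp_seed": b"12345678901234567890",  # RFC 6238 test seed
}

# Constructed records for option 2: the seed stays on the user's own device,
# and the user types the code when prompted.
VAULT_OPTION_2 = {"password": "constructed-example-password"}
USER_DEVICE = {"totp_seed": b"12345678901234567890"}


def secrets_in_vault(vault: dict, unix_time: int) -> dict:
    """Login secrets that the vault contents alone are enough to produce."""
    seed = vault.get("totp_seed")
    return {
        "password": vault.get("password"),
        "code": totp(seed, unix_time) if seed is not None else None,
    }


if __name__ == "__main__":
    now = 59  # fixed timestamp from the RFC 6238 test vectors
    print("option 1 vault yields:", secrets_in_vault(VAULT_OPTION_1, now))
    print("option 2 vault yields:", secrets_in_vault(VAULT_OPTION_2, now))
    print("code typed by the user:", totp(USER_DEVICE["totp_seed"], now))
```

With the option 1 record, one store yields both the password and a valid code; with the option 2 record the code can only come from the separate device.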