[tor-talk] Tor-Friendly Two-Factor Authentication?
Scott Arciszewski
scott at paragonie.com
Sat Jun 11 06:51:32 UTC 2016
On Fri, Jun 10, 2016 at 10:13 PM, Allen <allenpmd at gmail.com> wrote:
> On Fri, Jun 10, 2016 at 9:58 PM, Scott Arciszewski <scott at paragonie.com>
> wrote:
>
> > * FIDO U2F requires users to purchase separate hardware devices which,
> > while cheap, aren't already in the arsenal of most netizens
> >
>
> How about developing a simple 2FA app for a smartphone? Maybe a smartphone
> could emulate a FIDO U2F? Alternately, I remember some of the first 2FA
> devices were fobs that displayed a 6 digit code that changed every 15
> seconds or so, based a pseudorandom generator that had a secret seed value
> that was known by the server. A simple smartphone app design might be to
> give the user a pseudorandom seed when they create their account, the user
> inputs the seed into the app on their phone, and then when they want to
> login they have to enter a 6-8 digit code displayed by their smartphone
> app. Maybe some apps like that already exist...
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
Since I sent my email
I've been
informed that Google Authenticator doesn't require a Google account. It
should be universal (RFC 4226 and/or 6238)
.
If I encounter any difficulties, I'll revisit this thread (possibly with a
vendor-neutral implementation if it proves annoying enough).
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com/>
More information about the tor-talk
mailing list