Freeradius and 2 Factor Authentication

Cornelius Kölbel cornelius.koelbel at netknights.it
Sun Jun 12 20:31:27 CEST 2016


Am Sonntag, den 05.06.2016, 22:31 +0200 schrieb Michael Ströder:
> Michael Ströder wrote:
> > Peter Lambrechtsen wrote:
> >> do see there are multiple sites now support TOTP where the enrollment is
> >> seamless for end-users. Login to a web site, use Google Authenticator or
> >> Authy or any other myriad of TOTP clients to scan the QR code.
> > 
> > I really wonder why scanning the shared secret as QR code from a screen is
> > considered an acceptable security practice. :-/
> 
> BTW: And hosted OTP services have access to all the shared secrets...

This is why you should run the OTP service yourself!

> 
> Ciao, Michael.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Cornelius Kölbel
cornelius.koelbel at netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160612/7fa76a12/attachment.sig>


More information about the Freeradius-Users mailing list