On 4/13/24 01:44, Richard W.M. Jones wrote:
On Fri, Apr 12, 2024 at 04:50:13PM -0500, Chris Adams wrote:
> Once upon a time, Richard W.M. Jones <rjones(a)redhat.com> said:
>> So the problem with github is they don't allow you to have 2FA on a
>> backup device (or rather, it *is* possible, but the process is
>> ludicrous[1]). If you have your phone as second FA and lose it then
>> you have to immediately fall back to the piece of paper.
>
> I haven't seen a site with TOTP 2FA allow multiple TOTP codes, they all
> just store one. It's trivial to scan the TOTP code into multiple
> devices (depending on the software used, you can sometimes "export" a
> TOTP code from one device to another by showing a QR code on the first
> device), so that's hardly a "ludicrous" method.

I sometimes think how hard it would be to explain all of this to my
mother. I don't understand why 2FA needs to be so obscure and clumsy
to use.

Rich.

You've got a really good point there. All MFA implementations the industry
has come up with are less than ideal in one way or another.
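
The point made earlier in the thread, that a site stores one TOTP secret and any device that scanned it produces the same codes, shown as an added example that is not part of the original messages. It implements RFC 6238 TOTP (HMAC-SHA1); the enrollment URI, issuer, account name and the `Authenticator` and `server_verify` names are constructed for illustration, and the secret is the RFC 6238 test key.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed enrollment URI (what the QR code encodes). The secret is the
# RFC 6238 test key "12345678901234567890" in base32; issuer/account are made up.
ENROLL_URI = ("otpauth://totp/Example:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&issuer=Example&period=30&digits=6")

class Authenticator:
    """A device that enrolled by scanning the QR code: it keeps only the secret."""
    def __init__(self, uri):
        parsed = urlparse(uri)
        if parsed.scheme != "otpauth" or parsed.netloc != "totp":
            raise ValueError("not a TOTP enrollment URI")
        q = parse_qs(parsed.query)
        secret = q["secret"][0].upper()
        secret += "=" * (-len(secret) % 8)   # base32 padding is often omitted
        self.key = base64.b32decode(secret)
        self.period = int(q.get("period", ["30"])[0])
        self.digits = int(q.get("digits", ["6"])[0])

    def code(self, unix_time):
        # The code depends only on (secret, time step): no device identity is mixed in.
        counter = int(unix_time) // self.period
        mac = hmac.new(self.key, struct.pack(">Q", counter), hashlib.sha1).digest()
        offset = mac[-1] & 0x0F              # dynamic truncation (RFC 4226)
        value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
        return str(value % 10 ** self.digits).zfill(self.digits)

def server_verify(uri, submitted, unix_time, window=1):
    """Server side: recompute from the one stored secret, allowing +/- window steps."""
    ref = Authenticator(uri)
    return any(hmac.compare_digest(ref.code(unix_time + d * ref.period), submitted)
               for d in range(-window, window + 1))

if __name__ == "__main__":
    phone, backup = Authenticator(ENROLL_URI), Authenticator(ENROLL_URI)
    now = 59  # constructed timestamp taken from the RFC 6238 test vectors
    print("phone :", phone.code(now))
    print("backup:", backup.code(now))
    print("server accepts backup device:", server_verify(ENROLL_URI, backup.code(now), now))
```

Because the server cannot tell the two devices apart, every copy of the secret (a second phone, an exported QR code, a screenshot of the enrollment page) is a full credential and needs the same protection as the original.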