I am broadly a MFA (Multi-Factor Authentication) skeptic (cf) and as a result| utcc.utoronto.ca
Time-Based One-time Passwords (TOTP) are| utcc.utoronto.ca
Linux people: is there a passkeys implementation that does not use physical hardware tokens (software only), is open source, works with Firefox, and allows credentials to be backed up and copied to other devices by hand, without going through some cloud service? I don't think I'm asking for much, but this is what I consider the minimum for me actually using passkeys. I want to be 100% sure of never losing them because I have multiple backups and can use them on multiple machines.| mastodon.social
Well it took about a year before things forced me to set up MFA on Github with the most limited, janky setup possible. It was due to needing to report an issue with Prometheus because 3.7.0 quietly broke (some) existing reverse proxy configurations and although there have been two point releases since then, neither have fixed the issue because maybe Prometheus people don't think enough people are affected. Whatever. I've thrown my hat into the ring. This is definitely my grumpy face.| mastodon.social
I wonder what's the absolute minimum TOTP 'second factor' implementation I can put together for Github's stupid mandate that I must have MFA in order to file bug reports. There's at least one Go TOTP CLI program that stores secrets unencrypted, so that's probably it. (Github will not require that I use MFA when pushing code via SSH, just when I log in on the website. The only time I log in on the website is to make issue reports in other projects.)| mastodon.social
Payment service providers and banks are evolving service delivery to online payments from physical branches. Using Passkeys for Payments with FIDO’s open and scalable authentication standards offers a faster and easier way to secure online payments.| FIDO Alliance
