On Sun, Aug 04, 2024 at 02:09:30PM -0400, Greg Wooledge wrote:
> On Sun, Aug 04, 2024 at 19:57:22 +0200, to...@tuxteam.de wrote:
> > I don't know what an "authenticator app" is.
> 
> I don't either, but I have to use one at work.
> 
> https://support.microsoft.com/en-us/account-billing/about-microsoft-authenticator-9783c865-0308-42fb-a519-8cf666fe0acc
> 
> I have no idea what it is, but it's installed on my work-issued phone,
> and I have to use it occasionally when I sign in to certain web apps
> on my work-issued laptop.
> 
> On the days where the web app decides it hasn't talked to Microsoft
> Authenticator recently enough, I have to go get my phone, type the
> passcode once to unlock it, click the Authenticator icon and type my
> passcode a second time to launch the app, then type my passcode a
> third time inside the app to validate that yes, I am the person trying
> to open the web page.  I think there's a two-digit number that I have to
> type as well.

By the sound of it, it /might/ be a TOTP. At work we have two "applications",
one is a webmail (*spit*), the other is -- uh -- a Gitlab. My approach
works with both. Just get this secret key from the "app" and do roughly
as I outlined. TOTP is sufficiently standardized that you might have a
fighting chance.

> I cannot imagine how installing one of these things on your Linux PC
> is going to help you.  Either you're dealing with a workplace-enforced
> authentication setup, in which case you need to use whatever authenticator
> *they* chose... or you're trying to establish some sort of "two factor
> authentication" of your own, in which case, having both factors be
> "I'm logged into my Linux account" kinda defeats the purpose.

I have come to the conclusion that 2FA is, mostly, snake oil.

It might protect you from a password leak (if the planets are aligned
properly), but then they nudge you into storing your secret *and*
your password in a cloud-based password manager. Duh.

My hunch is that surveillance capitalism has smelled blood again.
The next Big Thing will be identity management in the Internet.
You can already hear the feet shuffling to get a pole position.

Cheers
-- 
tomás
