* Gervase Markham:

> Goal: fix bug 570252. Provide 2-factor authentication for some
> Bugzilla accounts.
> https://bugzilla.mozilla.org/show_bug.cgi?id=570252

The IP address restriction is a pretty strong factor.  Basically, it
means that a potential attacker would have to compromise a device
quite close to the user (possibly the terminal itself).  If you deal
with such attackers, very few reliable options exist.  For Bugzilla,
things are extraordinarily difficult because you don't want to protect
transactions, but read access to certain bugs.

As a result, extending the IP address restrictions, possibly using
crypto tunnels such as OpenVPN, is probably a better investment than
hardware tokens.  You also need usage how the key material is to be
handled by users.

It will certainly not help against malware which captures server
responses, but none of the technologies under consideration will.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
