[
https://issues.apache.org/jira/browse/GUACAMOLE-1689?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Jumper closed GUACAMOLE-1689.
----------------------------------
Resolution: Won't Do
> TOTP - add property to remove (username) from Authenticator setup
> -----------------------------------------------------------------
>
> Key: GUACAMOLE-1689
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1689
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-auth-totp
> Affects Versions: 1.4.0
> Reporter: Vincent Sherwood
> Priority: Minor
>
> When enrolling a user for TOTP, the barcode uses the text from the configured
> totp-issuer (or the default "Apache Guacamole") and appends " (username)"
> when creating the new entry in the Authenticator App. For example
> totp-issuer DevTest
> {quote}DevTest (bloggs_joe)
> 123456
> {quote}
> This leaks valuable information (their username for the system) to anyone who
> might catch sight of a user's authenticator.
> For security conscious users it would be good to add an option in the config
> file to hide the username
> # totp-hideuser - Flag to hide username from generated authenticator entry.
> Set value to 1 to hide the username. (Default 0)
> totp-issuer DevTest
> totp-hideuser 1
> {quote}DevTest
> 123456
> {quote}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
