Re: Authenticator apps

2024-08-08 Thread Max Nikulin
On 08/08/2024 11:58, Jeffrey Walton wrote: ++. I find the W3C's clipboard API and event API very dangerous. "clipboardchange" event is not supported making enough people unhappy. Reading/writing is protected by either user gesture context or by permissions. However a chance of unwanted acces

Re: Authenticator apps

2024-08-07 Thread Jeffrey Walton
On Wed, Aug 7, 2024 at 10:22 PM Max Nikulin wrote: > > On 07/08/2024 11:40, to...@tuxteam.de wrote: > > In my threat model, if I already have an application running under > > my own user ID, I call XKCD 1200 [1] on it. > > Browser JavaScript API allows to read and write clipboard. It is > protecte

Re: Authenticator apps

2024-08-07 Thread tomas
On Thu, Aug 08, 2024 at 09:21:45AM +0700, Max Nikulin wrote: > On 07/08/2024 11:40, to...@tuxteam.de wrote: > > In my threat model, if I already have an application running under > > my own user ID, I call XKCD 1200 [1] on it. > > Browser JavaScript API allows to read and write clipboard. It is pr

Re: Authenticator apps

2024-08-07 Thread Max Nikulin
On 07/08/2024 11:40, to...@tuxteam.de wrote: In my threat model, if I already have an application running under my own user ID, I call XKCD 1200 [1] on it. Browser JavaScript API allows to read and write clipboard. It is protected to some extent by user prompts. On the other hand in ChromeOS

Re: Authenticator apps

2024-08-07 Thread Michael Kjörling
On 7 Aug 2024 10:11 +0700, from maniku...@gmail.com (Max Nikulin): > https://lists.debian.org/msgid-search/zrbudbr0nuozn...@tuxteam.de > On 05/08/2024 11:26, to...@tuxteam.de wrote: >> On Sun, Aug 04, 2024 at 09:19:33PM +0200, Detlef Vollmann wrote: >>> gpg --decrypt --quiet key.asc | oathtool -b -

Re: Authenticator apps

2024-08-06 Thread tomas
On Wed, Aug 07, 2024 at 10:11:08AM +0700, Max Nikulin wrote: Hi, Max, Thanks for your quite extensive (and, as always, insightful) reply. Most of the points have been touched on in this long thread. The insecurity of the X protocol, etc. In my threat model, if I already have an application runn

Re: Authenticator apps

2024-08-06 Thread Max Nikulin
On 06/08/2024 23:37, to...@tuxteam.de wrote: On Tue, Aug 06, 2024 at 11:07:14PM +0700, Max Nikulin wrote: On 06/08/2024 11:37, to...@tuxteam.de wrote: TOTP is a standard (rfc6238 [1]) so it actually /should/ give the same numbers regardless of the application. It is mostly true, however authe

Re: Authenticator apps

2024-08-06 Thread tomas
On Tue, Aug 06, 2024 at 11:07:14PM +0700, Max Nikulin wrote: > On 06/08/2024 11:37, to...@tuxteam.de wrote: > > TOTP is a standard (rfc6238 [1]) so it actually /should/ give the same > > numbers regardless of the application. > > > > (This is what miffs me most: those marketing departments always

Re: Authenticator apps

2024-08-06 Thread Max Nikulin
On 06/08/2024 11:37, to...@tuxteam.de wrote: TOTP is a standard (rfc6238 [1]) so it actually /should/ give the same numbers regardless of the application. (This is what miffs me most: those marketing departments always sell you some unspecified snake oil -- "authenticator app", "2FA" -- instead

Re: Authenticator apps

2024-08-06 Thread Jeffrey Walton
On Tue, Aug 6, 2024 at 4:25 AM Kevin Price wrote: > > [...] > > 2FA is intended to raise the bar of stealing your login from just one > leaked known secret (username/passphrase) to two _strictly_ separate > bars. The latter must not be yet another secret, but might be physical > custody of some gi

Re: Authenticator apps

2024-08-05 Thread tomas
On Tue, Aug 06, 2024 at 07:10:38AM +0200, Kevin Price wrote: > Dear Mick, dear all: [...] So far, agreed. > If I understand you correctly, Mick, you're considering to move your > TOTP factor out of an independent device towards your local debian > machine for convenience, so you'd be giving away

Re: Authenticator apps

2024-08-05 Thread Kevin Price
Dear Mick, dear all: On 05.08.24 at 09:06, Michael Kjörling wrote: > On 5 Aug 2024 05:31 +0800, from wes...@mxcloud.eu.org (Wesley): >> OT question, can debian desktop run a simulator for phone app? Absolutely yes. But that's not going to help anyone in this thread. > If OP thinks a password ma

Re: Authenticator apps

2024-08-05 Thread tomas
On Mon, Aug 05, 2024 at 10:22:35PM +, Corey Hickman wrote: > August 5, 2024 at 10:35 PM, "Tim Woodall" wrote: > > > > > > > > oathtool (in the same-named Debian package) might be your friend. > > > > > > > I use this too, and it gives the same numbers as FreeOTP which I have > > > > ins

Re: Authenticator apps

2024-08-05 Thread Corey Hickman
August 5, 2024 at 10:35 PM, "Tim Woodall" wrote: > > > > oathtool (in the same-named Debian package) might be your friend. > > > > I use this too, and it gives the same numbers as FreeOTP which I have > > installed on my phone. > Me second with oathtool which just works for me. regards.

Re: Authenticator apps

2024-08-05 Thread Tim Woodall
On Sun, 4 Aug 2024, to...@tuxteam.de wrote: On Sun, Aug 04, 2024 at 05:44:07PM +0100, Mick Ab wrote: I have a Debian Bullseye desktop PC. I am looking for a 2fa authenticator that works on my desktop, without using a smartphone or tablet. I don't know what an "authenticator app" is. If what

Re: Authenticator apps

2024-08-05 Thread Michael Kjörling
On 5 Aug 2024 05:31 +0800, from wes...@mxcloud.eu.org (Wesley): > OT question, can debian desktop run a simulator for phone app? If OP thinks a password manager is "more complicated than needed", then what isn't running a hardware emulator + whole operating system + Who knows what? -- Michael Kj

Re: Authenticator apps

2024-08-04 Thread tomas
On Sun, Aug 04, 2024 at 09:16:15PM +0100, Mick Ab wrote: > I realise that Authy is still available on smartphones and tablets, but I > do not want to use a smartphone or a tablet. > > I simply need to run a simple 2FA TOTP authenticator on my Debian desktop > PC. For TOTP, at least two in this li

Re: Authenticator apps

2024-08-04 Thread tomas
On Sun, Aug 04, 2024 at 09:19:33PM +0200, Detlef Vollmann wrote: [...] > I also use oathtool, but with an encrypted key: > > gpg --decrypt --quiet key.asc | oathtool -b --totp - Thanks for posting the "correct" way. Yes, this way your secret is secure when "at rest". > > Xclip (from the same-n

Re: Authenticator apps

2024-08-04 Thread Jeffrey Walton
On Sun, Aug 4, 2024 at 3:50 PM Mick Ab wrote: > > I have a Debian Bullseye desktop PC. > > I am looking for a 2fa authenticator that works on my desktop, without using > a smartphone or tablet. > [...] > Can anyone help please ? $ apt search totp Sorting... Done Full Text Search... Done glewlwyd

Re: Authenticator apps

2024-08-04 Thread George at Clug
On Monday, 05-08-2024 at 06:16 Mick Ab wrote: > I realise that Authy is still available on smartphones and tablets, but I > do not want to use a smartphone or a tablet. > > I simply need to run a simple 2FA TOTP authenticator on my Debian desktop > PC. > Having had to use Authenticators myself,

Re: Authenticator apps

2024-08-04 Thread George at Clug
On Monday, 05-08-2024 at 07:31 Wesley wrote: > OT question, can debian desktop run a simulator for phone app? Not so off topic. I once ran an Android simulator that required a google account, on my laptop in a KVM VM, as a test for running a program that could only be run on an Android Mobil

Re: Authenticator apps

2024-08-04 Thread Wesley
OT question, can debian desktop run a simulator for phone app? Thanks On 2024-08-05 04:58, didier gaumet wrote: On 04/08/2024 at 22:16, Mick Ab wrote: I realise that Authy is still available on smartphones and tablets, but I do not want to use a smartphone or a tablet. I simply need to ru

Re: Authenticator apps

2024-08-04 Thread didier gaumet
On 04/08/2024 at 22:16, Mick Ab wrote: I realise that Authy is still available on smartphones and tablets, but I do not want to use a smartphone or a tablet. I simply need to run a simple 2FA TOTP authenticator on my Debian desktop PC. Hello, I do not use such applications but a search

Authenticator apps

2024-08-04 Thread Mick Ab
I realise that Authy is still available on smartphones and tablets, but I do not want to use a smartphone or a tablet. I simply need to run a simple 2FA TOTP authenticator on my Debian desktop PC.

Re: Authenticator apps

2024-08-04 Thread Mick Ab
Thanks very much to all who replied to my email re authenticator apps. An authenticator app is a small program that uses TOTP codes to enable a 2fa software token secure connection between a user and their online accounts. This type of connection is approved by many websites and is more secure

Re: Authenticator apps

2024-08-04 Thread Detlef Vollmann
On 8/4/24 19:57, to...@tuxteam.de wrote: On Sun, Aug 04, 2024 at 05:44:07PM +0100, Mick Ab wrote: I have a Debian Bullseye desktop PC. I am looking for a 2fa authenticator that works on my desktop, without using a smartphone or tablet. I don't know what an "authenticator app" is. If what you

Re: Authenticator apps

2024-08-04 Thread tomas
On Sun, Aug 04, 2024 at 02:09:30PM -0400, Greg Wooledge wrote: > On Sun, Aug 04, 2024 at 19:57:22 +0200, to...@tuxteam.de wrote: > > I don't know what an "authenticator app" is. > > I don't either, but I have to use one at work. > > https://support.microsoft.com/en-us/account-billing/about-micros

Re: Authenticator apps

2024-08-04 Thread Greg Wooledge
On Sun, Aug 04, 2024 at 19:57:22 +0200, to...@tuxteam.de wrote: > I don't know what an "authenticator app" is. I don't either, but I have to use one at work. https://support.microsoft.com/en-us/account-billing/about-microsoft-authenticator-9783c865-0308-42fb-a519-8cf666fe0acc I have no idea what

Re: Authenticator apps

2024-08-04 Thread tomas
On Sun, Aug 04, 2024 at 05:44:07PM +0100, Mick Ab wrote: > I have a Debian Bullseye desktop PC. > > I am looking for a 2fa authenticator that works on my desktop, without > using a smartphone or tablet. I don't know what an "authenticator app" is. If what you need is TOTP, oathtool (in the same-n

Re: Authenticator apps

2024-08-04 Thread Michael Kjörling
On 4 Aug 2024 17:44 +0100, from recoverymail123...@gmail.com (Mick Ab): > I have a Debian Bullseye desktop PC. > > I am looking for a 2fa authenticator that works on my desktop, without > using a smartphone or tablet. Most modern password managers that can run under Linux meet those criteria. Kee

Authenticator apps

2024-08-04 Thread Mick Ab
for use as a browser extension for Firefox and Chrome. However I found that my Bullseye version of Firefox would not accept the authenticator.cc. Also the authenticator.cc app did not appear to be installed properly with my Bullseye version of Chrome. I have found two simple authenticator apps