On Sat, Jun 11, 2016 at 3:18 AM, Flipchan <flipc...@riseup.net> wrote:
> Let me awnser this for u:) use pgp , if c alot of ppl that use Googles > stuff but all gets send back to Google so i wouldnt want them to get my > data, github.com/flipchan/blogger i created 2factor so if the usr got a > pgp fingerprint it will be redirected to 2factor.html after login ,then u > generate a code(string of chars) and encrypt it with X users fingerprint > and give it 2min to decrypt ,thats pgp :) > > Scott Arciszewski <sc...@paragonie.com> skrev: (11 juni 2016 03:58:16 > CEST) > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA256 > > > >Hi, > > > >I'm developing a CMS platform called Airship and I'd like to make it > >as Tor-friendly as possible. > > > >Someone from the community suggested Two-Factor Authentication, but as > >far as I'm aware there aren't many good options: > > > >* SMS-based authentication requires a phone number, which is > >identifying information > >* Google Authenticator requires a Google Account, which now-a-days > >requires surrendering your phone number to Google > >* FIDO U2F requires users to purchase separate hardware devices which, > >while cheap, aren't already in the arsenal of most netizens > > > >I was curious if anyone in/around Tor was aware of any > >privacy-preserving 2FA initiatives. > > > >Thanks a lot, > > > >Scott Arciszewski > >Chief Development Officer > >Paragon Initiative Enterprises > >-----BEGIN PGP SIGNATURE----- > >Version: Mailvelope v1.4.0 > >Comment: https://www.mailvelope.com > > > >wsBcBAEBCAAQBQJXW3AsCRBrl6HCgmQE2gAA06YIAIx89seJ/M1Z+8V6+4sP > >VRMCOcH2tPBbBl7KW17RRDuO2aoDsWNiaLNgY7ssHcm2xBte0T04uNTxfYxu > >8/pzzgUrU6L7WHcUnGdUfqHtdBr6DY6xSrSavu6VwEATm0f5qDl3AouHyd9X > >9aZs1nNX0/QQc/hMOE+hfkGl0rUDKKiwXCxLqXTxdxHiNqixQjb2GpfbiUen > >ph4BLFAIFsUZ/STGRJOY31SVB/Lk9MOG2VOPlhXa27R+8IV7rcq41sQtEdUL > >AdDOOCazmNISpUz1/I6/0wW16fGqrHk3jbtWMklzl4LI5aFg1w3CmV/MLEZE > >i2HHPGvMiO3osSmyNBM2lL0= > >=a2E8 > >-----END PGP SIGNATURE----- > >-- > >tor-talk mailing list - tor-talk@lists.torproject.org > >To unsubscribe or change other settings go to > >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > -- > Sincerly Flipchan > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > We're already using PGP/GPG for password resets. (Account recovery is, additionally, a feature users can opt out of entirely.) https://twitter.com/CiPHPerCoder/status/739536854517702660 https://twitter.com/CiPHPerCoder/status/739537611367276545 However, PGP is a terrible choice for usability here. I'm not trying to cater to the ultra-crypto-nerd crowd with this feature, because they're unlikely to have weak passwords and therefore *need* 2FA. Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises <https://paragonie.com/> -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
