[security-dev] managing OTP
bburke at redhat.com
Sun Aug 11 07:58:27 EDT 2013
There are a few issues with managing credentials. The first is, there is
no way to remove a credential. This is essential to TOTP as you may end
up with a lost or obsolete device.
The 2nd is that for TOTP, you will want to check every device on a
credential validation rather than just one:
Our own VPN allows me to set up multiple tokens. I have one on my
iPhone and iPad just in case I lose one or the other. Our VPN allows me
to use either to log in.
JBoss, a division of Red Hat
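The two points raised in the message above (removing a credential, and checking a code against every registered device), as an added example that is not part of the original post or the project's code. The TotpCredentials class, its method names, the device labels and the replay guard are assumptions made for illustration; the code generation follows RFC 4226/6238 with HMAC-SHA1.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value; TOTP (RFC 6238) uses counter = unix_time // step."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpCredentials:
    """Hypothetical per-user store holding several TOTP devices."""

    def __init__(self, step: int = 30, window: int = 1):
        self.step, self.window = step, window
        self._secrets = {}    # device label -> shared secret
        self._last_used = {}  # device label -> last accepted counter

    def add(self, label: str, secret: bytes) -> None:
        self._secrets[label] = secret

    def remove(self, label: str) -> bool:
        """Revoke a lost or obsolete device; True if it was registered."""
        self._last_used.pop(label, None)
        return self._secrets.pop(label, None) is not None

    def validate(self, code: str, now: int):
        """Try the code against every registered device, not just one.

        Returns the label of the matching device, or None.
        """
        current = now // self.step
        for label, secret in self._secrets.items():
            for counter in range(current - self.window,
                                 current + self.window + 1):
                # Skip invalid counters and ones already accepted (replay).
                if counter < 0 or counter <= self._last_used.get(label, -1):
                    continue
                expected = hotp(secret, counter).encode()
                if hmac.compare_digest(expected, code.encode()):
                    self._last_used[label] = counter
                    return label
        return None
```

Returning the device label lets the caller log which token was used, which helps when deciding what to revoke after a device is reported lost.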