[security-dev] managing OTP

Sunday, 11 August 2013

There's a few issues with managing credentials.  The first is, there is 
no way to remove a credential.  This is essential to TOTP as you may end 
up with a lost or obsolete device.

https://issues.jboss.org/browse/PLINK-236

THe 2nd is that for TOTP, you will want to check every device on a 
credential validation rather than just one:

https://issues.jboss.org/browse/PLINK-237

Our own VPN allows me to set up multiple tokens.  I have one on my 
iphone and ipad just in case I lose one or the other.  OUr VPN allows me 
to use either to login in.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

[security-dev] managing OTP