[security-dev] managing OTP

Bill Burke bburke at redhat.com
Sun Aug 11 07:58:27 EDT 2013


There are a few issues with managing credentials.  The first is, there is 
no way to remove a credential.  This is essential to TOTP as you may end 
up with a lost or obsolete device.

https://issues.jboss.org/browse/PLINK-236

The 2nd is that for TOTP, you will want to check every device on a 
credential validation rather than just one:

https://issues.jboss.org/browse/PLINK-237

Our own VPN allows me to set up multiple tokens.  I have one on my 
iPhone and iPad just in case I lose one or the other.  Our VPN allows me 
to use either to log in.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
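
The two requests in the message above (remove a credential, and check every device on validation), as an added example that is not part of the original message and is not PicketLink code. The `TotpDevices` class, the device names and the replay check on the last accepted time step are assumptions made for illustration; `totp` follows RFC 6238 with HMAC-SHA1.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TotpDevices:
    """Hypothetical per-user store: device name -> [secret, last accepted step]."""

    def __init__(self):
        self._devices = {}

    def enroll(self, name: str, secret: bytes) -> None:
        self._devices[name] = [secret, -1]

    def remove(self, name: str) -> bool:
        """Drop a lost or obsolete device; its codes stop validating at once."""
        return self._devices.pop(name, None) is not None

    def validate(self, code: str, now: int, step: int = 30, window: int = 1):
        """Check the code against every enrolled device, not just one.

        Returns the name of the matching device, or None. `window` allows
        +/- that many time steps of clock drift. A step that was already
        accepted for a device is refused, so a captured code cannot be reused.
        """
        matched = None
        for name, entry in self._devices.items():
            secret, last_step = entry
            for drift in range(-window, window + 1):
                t = now // step + drift
                expected = totp(secret, t * step, step).encode()
                # Constant-time comparison; keep looping after a match so the
                # work done does not depend on which device matched.
                ok = hmac.compare_digest(expected, code.encode())
                if ok and t > last_step and matched is None:
                    entry[1] = t
                    matched = name
        return matched
```

Returning the device name lets the caller log which token was used, which helps when deciding which one to remove after a loss.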

