[security-dev] TOTPCredentails should not be associated with Password

Bill Burke bburke at redhat.com
Tue Jun 11 10:19:56 EDT 2013


Right now, AFAICT, you cannot update the TOTP secret key without also 
knowing the password.  I"d like to not have TOTP classes inherit from 
the corresponding Password classes.  I can implement and provide a pull 
request if you agree.

Another thing to think about down the road is that you may want to allow 
multiple tokens.  Tokens generated by different devices owned by the user.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the security-dev mailing list