[security-dev] TOTPCredentails should not be associated with Password
Bill Burke
bburke at redhat.com
Tue Jun 11 10:19:56 EDT 2013
Right now, AFAICT, you cannot update the TOTP secret key without also
knowing the password. I"d like to not have TOTP classes inherit from
the corresponding Password classes. I can implement and provide a pull
request if you agree.
Another thing to think about down the road is that you may want to allow
multiple tokens. Tokens generated by different devices owned by the user.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the security-dev
mailing list