GrapheneOS / AttestationServer

attestation.app remote attestation server. Server code for use with the Auditor app: https://github.com/GrapheneOS/Auditor. It provides two services: submission of attestation data samples and a remote attestation implementation with email alerts to go along with the local implementation based on QR code scanning in the app.
https://attestation.app/
MIT License

add 2fa #397

Closed bingoxo closed 1 month ago

bingoxo commented 7 months ago

Can you consider adding 2FA to the site?

thestinger commented 7 months ago

Yes, but we'd probably only support FIDO2 rather than legacy TOTP.

bingoxo commented 7 months ago

Well, TOTP is better than nothing. You can also add passkeys: https://passage.1password.com/

thestinger commented 7 months ago

Simply using a long random passphrase via a password manager makes TOTP quite pointless. There's also no account recovery for this service for security reasons.

RAYs3T commented 2 months ago

@bingoxo With FIDO2, passkey setup is possible. Also, with the option to use hardware keys like YubiKeys, this is much more secure.

thestinger commented 1 month ago

Duplicate of https://github.com/GrapheneOS/AttestationServer/issues/22.