Open sorki opened 7 months ago
Other people raised this recently too -- especially in light of pypi moving to 2fa https://discuss.python.org/t/announcement-2fa-requirement-for-pypi-2024-01-01/40906
working towards a 2fa story sounds well worth it and would be a welcome pr.
There is also https://hackage.haskell.org/package/webauthn by yours truly . For Yubikeys and passkeys
Multi factor auth (MFA) or two-factor auth (2FA) would be a nice addition to
hackage-server
. Both for its account management page andcabal upload
functionality.There seems to be three related libraries on Hackage:
As a minimal implementation, account management page would allow user to add a TOTP token via a QR code.
QR code related packages:
Suggestions welcome! I'm willing to work on this myself, would also appreciate co-authors since this requires a PRs for both hackage-server and cabal (and possibly for one of the OTP libraries).