dmulder
commented
1 month ago This could be used to resolve #197, since we could just use PIN based auth for the service that doesn't support MFA.
Open dmulder opened 1 month ago
dmulder
commented
1 month ago This could be used to resolve #197, since we could just use PIN based auth for the service that doesn't support MFA.
tastle73
commented
1 month ago Where would this PIN be entered for the login if there's nowhere for the TOTP code?
dmulder
commented
1 month ago The PIN is entered in place of the password. Meaning, you only enter the PIN, instead of entering a password and OTP.
There should be an option that specifies which services can use the Hello PIN, instead of doing a full MFA. For example, SSH should typically use MFA, while GDM should not. RDP doesn't allow an MFA prompt, so it should use the Hello PIN, etc.