loki36 / user-otp

OTP Backend for owncloud

Two factor auth with additional PW #90

Open s24195 opened 9 years ago

s24195 commented 9 years ago

Hi,

So far I have been using the Yubikey OTP plugin, but wanted to switch to your implementation because of Google Authenticator.

I want to use it in the real "Two-factor mode". In my opinion there is a design lack in your implementation.

Suppose you have a keylogger on your system and it records the PW; then you can easily use it to authenticate via WebDAV etc., just strip off the OTP! Therefore the two-factor setup only makes sense if there is the possibility/must to set an additional PW that will only work in conjunction with the OTP.

In case that you alter this issue I guess you will have troubles with the encryption app. Not sure how this could be solved!

Anyways thank you for this app and I hope to see some improvements soon.
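
A sketch of the check requested in this issue, as an added example that is not part of the original post or of user-otp's code: a separate password is accepted only when followed by a valid TOTP code, so a captured static password fails on its own. The account values, the function names and the `<password><6-digit OTP>` credential layout are assumptions; tracking of already-used codes is omitted.

```python
import hashlib
import hmac
import struct

# Constructed sample account; every name and value here is hypothetical.
TOTP_SECRET = b"12345678901234567890"  # RFC 6238 test secret
SALT = b"constructed-salt"


def _kdf(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


MAIN_PW_HASH = _kdf("main-password")     # regular account password
OTP_PW_HASH = _kdf("otp-only-password")  # additional PW, valid only with an OTP


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check_two_factor(credential: str, now: int) -> bool:
    """Accept only '<additional PW><6-digit OTP>'; the main PW never passes."""
    otp = credential[-6:]
    if len(credential) <= 6 or not (otp.isascii() and otp.isdigit()):
        return False  # no OTP suffix: a bare password is rejected outright
    password = credential[:-6]
    # Tolerate one time step of clock drift on either side.
    otp_ok = any(hmac.compare_digest(otp, totp(TOTP_SECRET, max(now + d, 0)))
                 for d in (-30, 0, 30))
    # Compare against the OTP-bound password only, never MAIN_PW_HASH.
    pw_ok = hmac.compare_digest(_kdf(password), OTP_PW_HASH)
    return otp_ok and pw_ok


if __name__ == "__main__":
    now = 59  # RFC 6238 test time; the 6-digit code is 287082
    for cred in ("otp-only-password287082", "otp-only-password",
                 "main-password287082", "main-password"):
        print(f"{cred!r}: {check_two_factor(cred, now)}")
```
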