stuartpb
commented
7 years ago While drafting up a replacement for totp can happen over time, removing the few extant instances of its current form needs to happen ASAP. Putting on v0.1.0 accordingly.
Closed stuartpb closed 7 years ago
stuartpb
commented
7 years ago While drafting up a replacement for totp can happen over time, removing the few extant instances of its current form needs to happen ASAP. Putting on v0.1.0 accordingly.
The
totptop-level enum (where the only known value is"optional") is way inadequate and future-hostile. It's another one of those barnacles that was drafted up too quickly in the very early days of the project, when anything vaguely security-related was being thrown in to be recorded without any regard for how it may evolve.There are three profiles that currently use it - they can be logged here for now, and then those site profiles can be revisited in the future as a proper structure for documenting multi-factor authentication can be drafted (taking into account other issues like #135).
Those three sites:
Until said time as a proper 2FA structure can be devised, any future sites that have TOTP can just ping this issue (or another, better one that has some active discussion and thought attached, gathering a more diverse set of use cases and examples).