Update about recovery parts + side channel attack mention

ossf / great-mfa-project

The Great Multi-Factor Authentication (MFA) Distribution Project of the Open Source Security Foundation (OpenSSF). We work to distribute hardware MFA tokens to critical open source software (OSS) projects.

Other

53 stars 14 forks source link

Update about recovery parts + side channel attack mention #33

Closed blabla1337 closed 3 years ago

blabla1337 commented 3 years ago

Hope this is the write location you wanted the text in?

david-a-wheeler commented 3 years ago

The problem with SMS as a backup is that then the MFA tokens aren't better than SMS - they still are subvertable with SMS.

But this is probably better than not saying anything at all.

I'm merging this, and if people have better ideas they can add another PR.

Thanks so much for the contribution. Let's keep it going. We're going to be distributing keys relatively soon, we'll need to get this in shape fast :-).