On 31/03/2024 13:42, Neal Gompa wrote:
At this point, I'm used to MFA for stuff (and I use a password
manager
that handles 2FA OTPs too), but the Fedora implementation of MFA is
uniquely bad because we have to do a lot in the terminal, and our MFA
implementation sucks for terminal usage.
If MFA is turned on:
1. The Fedora account integration in GNOME breaks
2. You need to concatenate password and OTP for getting a krb5 session ticket
3. The recovery mechanism involves GPG signed emails
The experience using 2FA for Fedora accounts is sufficiently
unpleasant that I really don't want to use it.
Thank you, these are valid
points that I was mostly unaware of.
1 and 2 (I use a mooltipass, so it's just one extra click) aren't a
problem for me and hopefully I'll never need the 3rd, but I can see how
this could have a big impact on other users.
--
Arthur Bols
fas/irc: principis