2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

• Previous message (by thread): 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
• Next message (by thread): 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Keith,

On Tue, Feb 26, 2019 at 6:00 AM Keith Medcalf <kmedcalf at dessus.com> wrote:
> >https://twofactorauth.org/#domains gives a good view of the domain
> >management landscape regarding 2FA.
>
> Seems to require the unfettered execution of third-party code ...
>
> Are you offering an indemnity in case that code is malicious?  What are the terms and the amount of the indemnity?

What are you talking about?! Are you ... trolling?

If you don't trust the various (excellent) closed & open-source
implementations of TOTP - you can write one yourself. The algorithm &
specification are entirely open and free to use:
https://tools.ietf.org/html/rfc6238

Using TOTP as 2FA is an excellent and recommended practice, and I am
happy to see so many domain registrars support it.

Regards,

Job

• Previous message (by thread): 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
• Next message (by thread): 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]