2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

Job Snijders job at instituut.net
Tue Feb 26 06:07:10 UTC 2019


On Tue, Feb 26, 2019 at 6:00 AM Keith Medcalf <kmedcalf at dessus.com> wrote:
> >https://twofactorauth.org/#domains gives a good view of the domain
> >management landscape regarding 2FA.
> Seems to require the unfettered execution of third-party code ...
> Are you offering an indemnity in case that code is malicious?  What are the terms and the amount of the indemnity?

What are you talking about?! Are you ... trolling?

If you don't trust the various (excellent) closed & open-source
implementations of TOTP - you can write one yourself. The algorithm &
specification are entirely open and free to use:

Using TOTP as 2FA is an excellent and recommended practice, and I am
happy to see so many domain registrars support it.



More information about the NANOG mailing list