Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Looking for beta testers for our HeyTerm web terminal project - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Looking for beta testers for our HeyTerm web terminal project

2»

Comments

  • dearroy said: HeyTerm now supports SSH two-factor authentication.

    I smell bullshit here. If it's a some sort of OTP (one time password ie. Google Authenticator, SMS or email code) that doesn't change anything at all! The codes are also generated on your side and the code is compared against the code provided by the user. If anyone breaks into your platform they also get access to the codes, thus making the 2FA useless. That proves you know shit about security lol. The only viable option is to have 2FA on the server itself, but that's outside your scope.

    Prove me wrong.

  • @LTniger said:
    Yea, this will not work if people won't see source code. At least those people who could be potential customers. A massive SPOF, unaudited code (code audition costs large money). I give max 1 year prior to deadpool.

    Whats worse is that even if we could see the source code whose to tell whats being run on their system?

  • dearroydearroy Member, Host Rep

    MrPsycho said: I smell bullshit here. If it's a some sort of OTP (one time password ie. Google Authenticator, SMS or email code) that doesn't change anything at all! The codes are also generated on your side and the code is compared against the code provided by the user. If anyone breaks into your platform they also get access to the codes, thus making the 2FA useless. That proves you know shit about security lol. The only viable option is to have 2FA on the server itself, but that's outside your scope.

    I am sorry but you misunderstood what has been implemented - the 2FA is on the server, not on our platform. It's common sense, you are very welcome to give it a try.

  • dearroydearroy Member, Host Rep

    No, we write our own scripts, but seems to be similar things.

Sign In or Register to comment.