






















I think Arch Linux should start updates to packages require a second factor of authentication, ideally hardware keys / TOTP codes that can be stored off-device. Email is almost always accessible through the same device via the browser cache, and wouldn't be as effective, SMS is expensive.
Every single push should require an interactive 2FA check, which would be valid for that push; and that push only.
This wouldn't be a copmlete solution but it would complicate the life for attackers. And people smart enough
to make one of their 2FA methods on a different machine/mobile device could rest easier.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。