New on LowEndTalk? Please Register and read our Community Rules.

Comments
Hi,
hrhr you really want to kill all providers ;-)
IF your goal was how to make things even worse for everyone, THEN you got full points.
I cannot even imagine how many more tickets will come to us if whatever auth will work first and then, without any doing of the customer, it won't work after a specific time.
That's basically a time bomb. Exploding right in your support face ;-)
Imagine people will use an automatic script, being fed with the login credentials. The script will for basically 100% sure not expect a prompt to enter a password.
Imagine people will log in via SFTP because they only want to use it as file storage.
Or just test if login works and then forget about it. Or idle it. Or .... just pick another 20 possibilities where things will go downhill.
But thank you for trying to solve this problem.
OK, dumb question
Why don't users set up oathtool (or any other) via the CLI???
It is straightforward, simple.
Then your ssh login ( even if root ) becomes:
SSH connection
↓
Password requested
↓
Password verified
↓
OTP code requested
↓
OTP verified
↓
Login allowed
in case of ssh keys:
SSH key accepted
↓
OTP code requested
↓
login success
And before someone asks, no, I would not tie the OTP of the VPS to the login OTP of the account, this isn't a Single Sign-On (SSO) idea.
I would do Single Sign-On (SSO) only if the account login is exclusively webauth/fido2 based.
Hmmmm, might create a tutorial on this and attach to the welcome mail ( that most don't bother reading till the end )
How does the above sound? Fellas.... Bring the pitchforks.
I suspect most users at this tier (or any?) don't give a shit. The ones that do already handle their business appropriately.
I think this thread was meant to be about shaming /providers/ doing stupid shit.
I get that, most of these are, as lately there is a lot of hatred towards providers (funny as you all use their services), still that does not mean that there cannot be some decent outcome of a debate like this, so regardless of the shit, my question is more towards the fellas using user + pass till this day, is setting up OTP such an effort?
Well hatred is strong but imo what we're seeing is just natural with the race to the bottom. Customers get tired of being taken advantage of while refusing to admit it's their want for $7/yr causing providers to do stupid shit to make $7/yr possible. Plus of course this is LowEnd full of sharks and shitbags actually looking to take advantage. That doesn't apply to all of us obviously, customer or provider. Anyway, another digression.
But yea oath-toolkit is super cool, sorry :P
Not saying it was a solution, just a reply to someone saying that it's possible to enforce their recommendation (regardless of whether or not it causes any issues with confused customers pestering support).
To make things easier, there's a lot you can do with PAM (like oath-toolkit as @host_c mentioned).
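The two login flows described earlier in the thread (password then OTP, SSH key then OTP), sketched as pam_oath and sshd configuration. This is an added example, not something posted by a participant; the user names `alice` and `backup`, the path `/etc/users.oath`, the `window` value and the hex secret are assumptions or placeholders, and the PAM include name varies by distribution.

```conf
# --- /etc/users.oath (owner root, mode 0600) ---
# Format: <type> <user> <pin> <hex secret>
# HOTP/T30/6 means TOTP with a 30 second step and 6 digits; "-" means no PIN.
# Placeholder secret below: generate a random one per user and enroll the
# same secret in the user's authenticator app.
HOTP/T30/6 alice - 00112233445566778899aabbccddeeff00112233

# Check enrollment before enforcing anything: this prints the current code,
# which must match what the authenticator shows.
#   oathtool --totp -d 6 00112233445566778899aabbccddeeff00112233

# --- /etc/pam.d/sshd ---
# Flow 1 (password, then OTP): keep the distribution's password stack and add
# the line below after it. "requisite" ends the login at once on a wrong code.
# Flow 2 (SSH key, then OTP): use the same line, but disable the password
# stack above it (on Debian/Ubuntu that is "@include common-auth") so PAM
# only prompts for the code.
auth requisite pam_oath.so usersfile=/etc/users.oath window=3 digits=6

# --- /etc/ssh/sshd_config ---
UsePAM yes
# Named ChallengeResponseAuthentication on older OpenSSH releases.
KbdInteractiveAuthentication yes

# Flow 1: PAM asks for the password, then for the OTP.
AuthenticationMethods keyboard-interactive:pam

# Flow 2: the key must be accepted first, then PAM asks for the OTP.
#AuthenticationMethods publickey,keyboard-interactive:pam

# Unattended jobs cannot answer an OTP prompt. Give them a dedicated
# key-only account (hypothetical name) instead of weakening interactive logins.
Match User backup
    AuthenticationMethods publickey
```

Validate with `sshd -t` and keep an existing root session open while testing a fresh login, so a mistake in the PAM stack does not lock you out.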
I honestly don't see the problem. Just change the password immediately if you want to