by jeroenhd 1408 days ago
Using your SIM card for MFA when logging in to an SSH server (through paid API requests to a third party)

There are ways to use your phone's secure storage capabilities for key storage; this tool isn't leveraging the secure compute capabilities of your phone's SIM in any way. I've dabbled with using Krypt.co [1] for this, though that's sadly been deprecated and will at some point be replaced by a paid-for cloud service from Akamai. I'm sure there are other options available as well.

A far superior method for SSH security would be a physical U2F key or even a smart card. It's also possible to set up TOTP as a second factor ([2], works with any TOTP solution, not just Google Authenticator). I don't see a need for this paid-for third party service unless you're already using their services for some kind of verification mechanism.

[1]: https://krypt.co/

[2]: https://github.com/google/google-authenticator-libpam