[X2Go-Dev] Bug#1036: add support for Mobile-OTP (MOTP) tokens
Tor Perkins
x2go23 at noid.net
Mon May 16 18:10:10 CEST 2016
Package: x2goclient
Version: 4.0.5.2
Tags: patch
Hello,
There is very nice OTP (One Time Password) algorithm called "Mobile-OTP"
(MOTP). Here is a link for more information:
http://motp.sourceforge.net/
This small patch extends x2goclient's OTP support to accommodate MOTP.
The patch adds a new string ("passcode:") to challenge_auth_code_prompts_[].
It also adds some comments that indicates the source of the various prompt
strings in that array.
MOTP is a very nice algorithm that is worthy of support for several reasons.
It is "free" and "open" and does not rely on a third party infrastructure to
operate.
It is a Time-based One Time Password (TOTP) algorithm (like OATH can be), with
a distinguishing advantage; it does 2FA ("2 Factor Authentication") innately.
That is because it requires a 4 digit PIN to be entered every time it is used.
The PIN is not stored in the "token" (i.e. smartphone), so a stolen phone
does an attacker no good...
It is well established and popular. There are many versions of the "token"
available (much more than just IOS and Android apps). It is supported by
several "backend" systems (like LinOTP). Please refer to the "Links" section
on the project page for many more examples...
Thanks for your consideration! X2Go rocks!
- Tor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: add-support-for-Mobile-OTP-MOTP-tokens.patch
Type: text/x-patch
Size: 645 bytes
Desc: not available
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20160516/e9fe9867/attachment.bin>
More information about the x2go-dev
mailing list