feature request: add 2FA, alternate log-in methods
There has been a recent request to the ops mailing list for 2FA. This has been requested in the services matrix channel a couple of times as well.
Some thoughts on possible delivery mechanisms:
- TOTP - input code, login
- login link is encrypted with pgp key / other key, displayed on webpage. user decrypts with their private key, follows link to login
Some bot/chat mechanisms might also be worth considering:
- matrix - get login url from bot, login
- xmpp - send login url from a xmpp bot (we have one at cyberia.top)
- SMS - above bot is hooked into jmp.chat number, so can send login url by text messages or by voice calls as well.
Personally I think totp would probably be simplest.
Deleting a branch is permanent. It CANNOT be undone. Continue?