Email or username:

Password:

Forgot your password?
Gusted's posts Post Back to profile
Gusted

Oh no! a wild security feature for @forgejo has appeared that even Github doesn't have! codeberg.org/forgejo/forgejo/p

#forgejo

24 July at 13:19 | Open on social.linux.pizza
8 comments
Drew DeVault

@Gusted @forgejo nice, been putting off doing the same feature for sourcehut for years

24 July at 13:30 | Open on fosstodon.org
Gusted

@drewdevault @forgejo I hope you don't have to make the same sacrifice as Forgejo does, password being echoed back because PTY allocations are disabled for SSH sessions.

24 July at 13:33 | Open on social.linux.pizza
Drew DeVault

@Gusted @forgejo we can allocate a PTY (it's more involved but forgejo could do this also)

But I think what's more likely is that we'll issue new recovery codes via SSH, then you'll have to log in with user/pw on the web to use them

24 July at 13:34 | Open on fosstodon.org
James Wells

@Gusted @forgejo
Interesting feature... Look forward to playing with it when it get's merged.

24 July at 13:33 | Open on mastodon.acm.org
feld
@Gusted @forgejo

> Something that has come up in these situations is that such people usually have a (verified) SSH key added to their account and could use that to prove they are the owner of the account, by the possession of such SSH key.

okay so what's the point of enforcing any TOTP if it's basically defeated by possessing a verified SSH key?
@Gusted @forgejo

> Something that has come up in these situations is that such people usually have a (verified) SSH key added to their account and could use that to prove they are the owner of the account, by the possession of such SSH key.
24 July at 13:39 | Open on bikeshed.party
⚜ Ån̶t̶hiǝ¯₣ab̷r̷ε ⚜ ☮️

@Gusted @forgejo nice to see the potentially in Forgejo. I wasn't even aware that #gitlab can do this.

24 July at 14:38 | Open on mastodon.social
Z3r0 ~ :t_blink:
Go Up