Gregory's Server
@Gusted @forgejo
> Something that has come up in these situations is that such people usually have a (verified) SSH key added to their account and could use that to prove they are the owner of the account, by the possession of such SSH key.
okay so what's the point of enforcing any TOTP if it's basically defeated by possessing a verified SSH key?
> Something that has come up in these situations is that such people usually have a (verified) SSH key added to their account and could use that to prove they are the owner of the account, by the possession of such SSH key.
okay so what's the point of enforcing any TOTP if it's basically defeated by possessing a verified SSH key?