[go: nahoru, domu]
Skip to content
This repository has been archived by the owner on Nov 7, 2023. It is now read-only.

Add separate password/touch id check for mobile apps #90

Open
phahulin opened this issue Jan 29, 2018 · 1 comment
Open

Add separate password/touch id check for mobile apps #90

phahulin opened this issue Jan 29, 2018 · 1 comment
Labels
feature-request

Comments

@phahulin
Copy link

If someone stole or by some other means gained access to the phone and knows password to unlock it, [s]he can gain access to all servers even not knowing them beforehand, because [s]he can view list of known hosts with their IPs, pair with any new device, approve auth.
Password used to unlock a phone is usually shorter than password used to encrypt an ssh key, also it is
used more frequently.

Suggestions:

  1. require user to generate a separate password (not device password) for the mobile app. Add settings to ask password each time/once in a period of time when app is opened or auth is requested
  2. always ask this password when pairing with a new device or opening "known hosts"
  3. maybe send email alert when pairing with a new device
@kcking
Copy link
Contributor
kcking commented Jan 29, 2018

Thanks for your ideas on this. We already require re-authentication when pairing a new device exactly for this reason. We are also considering other solutions to this such as a team policy requiring another team member or admin to confirm the pairing of a new device.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
feature-request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kcking @phahulin