[pmwiki-users] One time passwords, anyone?
list_ob at gmx.net
Fri Aug 21 04:51:24 CDT 2015
does anobody use one time passwords with PmWiki?
To access private pages from foreign (untrusted) machines or networks,
it would be a nice option.
But I'm afraid that it is not simple to implement, correct?
With time based OTP like Google authenticator, one needs to keep track
of used passwords to avoid replay attacks. Counter based OTP need to
store the new counter value.
With challenge/response systems, you need a suitable password
generator on your mobile device.
And: Since PmWiki uses PHP sessions for authentication, is it
vulnerable to session hijacking?
Oliver Betz, Munich http://oliverbetz.de/
More information about the pmwiki-users