#dev 2024-12-22

2024-12-22 UTC
MyNetAz joined the channel
#
capjamesg[d]
aaronpk I am implementing OTP right now using https://pyauth.github.io/pyotp/. Are there attack vectors I should keep in mind w/r/t brute forcing?
#
[snarfed]
capjamesg enrollment is important! when you enroll a user, make sure you have them enter at least one code and check it. also consider generating and accepting backup codes
#
[snarfed]
(feel free to ignore all of that if this is only for you yourself)
#
capjamesg[d]
Does this apply for email-based OTP too?
#
capjamesg[d]
The flow is a user types in their password and if they are successful are prompted for a code emailed to them.
#
aaronpk
is there a reason you don't want to use passkeys instead of OTP? it's a much better UX
#
capjamesg[d]
It looks more complex to implement?
Kupietz joined the channel
#
Kupietz
Hey aaronpk, is there a particular reason the chat entry is 400px? I'm going to put in a pull request with a minor change to limit the max width to 95vw so it doesn't run off the right side of the screen on small old phones, but, is there a reason you don't want it to take up most of the horizontal width of the window on bigger screens?
#
Kupietz
Sorry, coming out of nowhere with that... just talking about my question the other day about the width of the entry field on these web chat screens.
#
aaronpk
it's been so long since i've touched any of that, feel free to tweak as needed
#
Kupietz
Check. Thanks.
MyNetAz, Nova_Guy, bterry, grufwub, gRegor, AcesAndEights, Kupietz, ttybitnik, nemonical, lucas1, sebbu2 and Hoinkas joined the channel
#
capjamesg[d]
I got TOTP implemented!
#
GWG
When talking to [tantek]2 earlier I suddenly want a simple micropub checkin app
#
GWG
aaronpk: How do you end up with a repo for an iOS check-in app?
Kupietz joined the channel
#
Kupietz
capjamesg[d] Awesome! Congrats!
#
Kupietz
Authentication schemes are always challenging/frustrating/fun. I got OAuth implemented in a FileMaker app once, and, while it was fun, I was also glad that's the sort of thing you only really need to do once.
#
GWG
gRegor: What is the php framework that you were playing with?
#
aaronpk
GWG: I'm not sure I understand the question
#
GWG
aaronpk: Sorry, still have a headache. Story behind https://github.com/aaronpk/checkie
#
Loqi
[preview] [aaronpk] Checkie: A lightweight foursquare client for the iOS