1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-12-22 12:51:34 -05:00

Remove unnecessary shortcode

This commit is contained in:
Tommy 2022-08-25 23:50:59 -04:00 committed by GitHub
parent 5ae1761aca
commit 1681f99e22
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 1 additions and 55 deletions

View File

@ -31,7 +31,7 @@ The time-limited code is then derived from the shared secret and the current tim
If you have a [Yubikey](https://www.yubico.com/), you should store the "shared secrets" on the key itself using the [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/) app. After the initial setup, the Yubico Authenticator will only expose the 6 digit code to the machine it is running on, but not the shared secret. Additional security can be set up by requiring touch confirmation, protecting digit codes not in used from a compromised operating system. If you have a [Yubikey](https://www.yubico.com/), you should store the "shared secrets" on the key itself using the [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/) app. After the initial setup, the Yubico Authenticator will only expose the 6 digit code to the machine it is running on, but not the shared secret. Additional security can be set up by requiring touch confirmation, protecting digit codes not in used from a compromised operating system.
Unlike [WebAuthn](#fido2-fast-identity-online), TOTP offers no protection against [phishing](https://en.wikipedia.org/wiki/Phishing) or reuse attacks. If an adversary obtains a valid code from you, they may use it as many times as they like until it expires (generally {{< time "PT30S" >}}30&nbsp;seconds&nbsp;+ grace&nbsp;period{{< /time >}}). Unlike [WebAuthn](#fido2-fast-identity-online), TOTP offers no protection against [phishing](https://en.wikipedia.org/wiki/Phishing) or reuse attacks. If an adversary obtains a valid code from you, they may use it as many times as they like until it expires (generally 30 seconds + grace period).
Despite its short comings, we consider TOTP better and safer than Push Confirmations. Despite its short comings, we consider TOTP better and safer than Push Confirmations.

View File

@ -1,54 +0,0 @@
{{/*
HTML date/time element <time>
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/time
Output:
<time>TimeString</time>
<time datetime="TimeString">Text</abbr>
Syntax:
{{< time "TimeString" />}}
{{< time datetime="TimeString" />}}
{{< time >}}TimeString{{< /time >}}
{{< time "Text" "TimeString" />}}
{{< time text="Text" datetime="TimeString" />}}
{{< time "TimeString" >}}Text{{< /abbr >}}
{{< time datetime="TimeString" >}}Text{{< /abbr >}}
This file and its contents are licensed under the Blue Oak Model License 1.0.0.
https://blueoakcouncil.org/license/1.0.0
(c) 2022 WfKe9vLwSvv7rN
*/}}
{{- $datetime := "" -}}
{{- $text := "" -}}
{{- with .Get "datetime" -}}
{{- $datetime = . -}}
{{- with $.Get "text" -}}
{{- $text = . -}}
{{- else -}}
{{- $text = ($.Inner | $.Page.RenderString) -}}
{{- end -}}
{{- else -}}
{{- with .Get 1 -}}
{{- $datetime = . -}}
{{- $text = $.Get 0 -}}
{{- else -}}
{{- with .Get 0 -}}
{{- $datetime = . -}}
{{- $text = ($.Inner | $.Page.RenderString) -}}
{{- else -}}
{{ $datetime = .Inner -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- with $text -}}
<time datetime="{{ $datetime }}">{{ . }}</time>
{{- else -}}
<time>{{ $datetime }}</time>
{{- end -}}