
Show HN: Twofu: A Two-Factor Authenticator Command-Line App - ukz
https://github.com/ukazap/twofu/blob/master/README.md
======
aroch
This pretty much does away with one of the benefits of 2fa; namely the client
you're entering password into is physically divorced from the client you're
getting the second factor from. Take for (stupid) example, you're a company
that uses pubkey + 2fa auth for user SSH logins. The pubkey already resides on
the device logging in, if the key in in memory or not pw protected, there's no
access control if the second factor is also available from the same machine.

~~~
ukz
Valid point. I leave it to the users how they secure their machine in which
this app run, e.g. it's not wise to use this while your hard drive (or at
least home directory) is unencrypted or the said machine is a corporate
laptop.

