Accounts with sudo

I think it’s great that we have the flexibility to explore these kinds of things, both as part of the project and with our support for remixes and rebuilds. See also “A serious suggestion for Fedora contributors passionate about privacy”.

1 Like

Dealing with elevated privileges is a small corner of security that hopefully strikes a chord with all who have read/participated in this post. Risk analysis is quite a broad topic and I would think much harder to become educated in as a fedoraproject member. Some in this community are needed.

It is great to see that you see TOTP (time-based one-time password that proves you have the phone) as a second factor with password being the first. It is a mistake to look at a 2fa device like a YubiKey as two factors of authentication (2fa = second factor authentication). This type of education is valuable to Fedora users. Thanks.

It has been a while since I’ve read your privacy thread. I’ll keep looking for ways to contribute. The Cylab at cmu.edu has some very interesting presentations on what can be deduced from seemingly innocent data. I wonder how many understand how much privacy they give up with certain actions.

1 Like

If you find things, don't hesitate to open an issue on secureblue. I see it as a more or less uncompromising project, and things experimented with there can easily be adapted into Fedora after all the bugs were fixed.

It already has 86 images and testing various versions and desktops (cinnamon is now added) will help find the various pitfalls.

3 Likes

I thought it was two factor authentication?

It describes the second factor, with your password being the first.

It's always 2fa == two factor authentication.
Usually described as something-you-know and something-you-have.

See Multi-factor authentication - Wikipedia for example and https://www.microsoft.com/en-us/security/business/security-101/what-is-two-factor-authentication-2fa that both use this definition.

I was referring to the misconception of using just a YubiKey or just a TPM. It is good for FIDO U2F as a second factor. Too often 2fa gets stated when talking about second factor. Many use a YubiKey passwordless, keeping the key always plugged in even when shut down, resulting in no authentication.

Yubikey seems like it should provide a “something you have” proving both it is your hardware key and “you” have it as one factor of authentication. Then the second factor (or first factor if you are considering the yubikey as the second factor) should be something else like “something you are” or “something you know”.

I’ll have to be even more careful in the future not to state things in a way that is possibly easily confused.

1 Like

Probably a good argument for using systemd-home if there ever was one.

Maybe the Security enthusiasts call will bring some to tackle this …