ZioByte

Asked: 2018-09-28 14:19:58 +0800 CST2018-09-28 14:19:58 +0800 CST 2018-09-28 14:19:58 +0800 CST

Is using HOTP only authorization considered weak?

I have seen many experts advising usage of some kind of OTP as second step of 2FA schemes.

I fully understand 2FA is more secure than Single Authorization, but it is also more inconvenient for casual user.

We currently have schemes with "strong passwords" changed on regular basis and many users are complaining.

I am wondering if replacing passwords with HOTP (possibly google-authenticator, supported by google-authenticator-libpam) would result in lower security than our present scheme.

Question is:

Using google-authenticator-libpam is considered more or less secure than password (8 chars, mixed case, numeric & special chars)?

If viable, what are pitfalls (if any)?

Is using HOTP only authorization considered weak?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Is using HOTP only authorization considered weak?

0 Answers