12 Oct 2016, 05:47 PM   #285
paul29
Senior Member
 
Join Date: Apr 2014
Posts: 166
Quote:
Originally Posted by BritTim
If you want to go to the development effort, it would be possible to have a Selenium script on your home server that uses browser automation to generate and revoke app passwords. It might be difficult to do this in a way that would ensure full security if your home server was seized.
I don't currently have any home servers--I might set one up, but I don't trust my home internet to stay connected while I'm away anyway (router occasionally gets wedged and needs power cycling). So I'm talking about remote servers (VPSes in some instances). There'd necessarily be some obscurity involved, but at the end of the day I have to trust Fastmail's servers so it's not that much worse if I also have to trust my own.

I don't want to do complex development for this--too much work and too many parts to go wrong. I'm thinking of a simple web app (20-line Python CGI) that accepts a one-time password from a printed list like Fastmail used to, and sends back a TOTP code. Do you know you can get a dedicated server in France for 3 euro a month (scaleway.com)? I have one of those for unrelated purposes, so it might be a reasonable place to host this thing since it could be sure of keeping the TOTP key in RAM instead of it possibly getting written to disk and leaking from there. There'd have to be a secondary server as well. I'll think about this.

Last edited by paul29 : 13 Oct 2016 at 01:21 AM.
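The relay idea in the post above, sketched as an added example (not part of the original post and not paul29's code): a printed password is accepted once and exchanged for the current RFC 6238 TOTP code, with the TOTP key held only in process memory. The `TotpRelay` class name and the sample passwords are hypothetical; the web/CGI layer is left out.

```python
import hashlib
import hmac
import struct
import time


def totp(key: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpRelay:
    """Hypothetical helper: trades one printed password for one TOTP code."""

    def __init__(self, totp_key: bytes, printed_passwords):
        self._key = totp_key  # lives in process memory, never written out here
        # Store fixed-length SHA-256 digests instead of the printed list itself.
        self._unused = {
            hashlib.sha256(p.encode()).digest() for p in printed_passwords
        }

    def redeem(self, submitted: str, now=None):
        """Return a TOTP code if `submitted` is an unused password, else None."""
        digest = hashlib.sha256(submitted.encode()).digest()
        match = None
        for candidate in self._unused:  # check every entry in constant time
            if hmac.compare_digest(candidate, digest):
                match = candidate
        if match is None:
            return None
        self._unused.discard(match)  # burn the password before answering
        return totp(self._key, time.time() if now is None else now)


if __name__ == "__main__":
    # Constructed sample data: RFC 6238 test key and made-up printed passwords.
    relay = TotpRelay(b"12345678901234567890", ["alpha-7731", "bravo-0420"])
    print(relay.redeem("alpha-7731", now=59))  # first use succeeds
    print(relay.redeem("alpha-7731", now=59))  # replay is rejected
```

A deployed version would also need TLS in front of it and a limit on failed attempts, since the printed password is the only thing guarding the second factor.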