You are not logged in.

#1 2018-12-29 10:59:00

Bob le pirate
Member
Registered: 2014-03-07
Posts: 10

2FA login only out of home

Good morning everybody,

Sorry for my English, I’m a french guy who is writing in English ;-)

My question is simple, the answer may be not.

I’ve got a laptop computer that I want to protect against data extraction in case of stolen. I have already installed an encrypted partition (lvm dm-crypt), with encrypted boot (grub) and so on.
If my laptop is stole when off - no problem.
But if the laptop is stole when someone is already logged on, the bad guy may be abble to do bad things. So to improve this I had a two factor authentication for login. So the bad guy have to stole my laptop and my phone if he want to look at my data.
It’s very interesting but not pleasant to type the password and the verification code every time.
What I want to do is asking for verification code only when I am out of home (on another wifi network for example).

Please can you help me.

Best regards.

Offline

#2 2018-12-29 15:10:56

loafer
Member
From: the pub
Registered: 2009-04-14
Posts: 1,772

Re: 2FA login only out of home

If MFA is required in order to login to the laptop then that will be before it connects to any network. It won't be able to determine if it's at home or elsewhere at that point. Would biometric (e.g. finger print) be an option?


All men have stood for freedom...
For freedom is the man that will turn the world upside down.
Gerrard Winstanley.

Offline

#3 2018-12-29 16:40:46

Bob le pirate
Member
Registered: 2014-03-07
Posts: 10

Re: 2FA login only out of home

I agree to use MFA for the first login after boot (the time to mount network).
My asking is for the others logins when the computer exit sleep mode (in this case the network is still enable)

Offline

#4 2018-12-29 23:00:35

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,354

Re: 2FA login only out of home

Bob le pirate wrote:

I agree to use MFA for the first login after boot (the time to mount network).
My asking is for the others logins when the computer exit sleep mode (in this case the network is still enable)

The network being still enabled or not is not dependable in this case. Worst case for your scenario is that it IS still enabled.... and it remembers it used to be in your house when actually the hypothetical thief has already carried it away somewhere else.

Biometric or face recognition may be more convenient (but less secure) for you. In the end there's always going to be that trade-off, so you have to decide how much convenience you can give up.

One roundabout way of reducing inconvenience (in terms of having to type in password+2FA) would be to always shut your computer off. Then there's no real need for 2FA (in your case). This should be doable with a decent SSD.


Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

Board footer

Powered by FluxBB