Yanking `totp`
Closed this issue · 1 comments
The totp top-level enum (where the only known value is "optional") is way inadequate and future-hostile. It's another one of those barnacles that was drafted up too quickly in the very early days of the project, when anything vaguely security-related was being thrown in to be recorded without any regard for how it may evolve.
There are three profiles that currently use it - they can be logged here for now, and then those site profiles can be revisited in the future as a proper structure for documenting multi-factor authentication can be drafted (taking into account other issues like #135).
Those three sites:
- digitalocean.com
- dreamhost.com
- linode.com
Until said time as a proper 2FA structure can be devised, any future sites that have TOTP can just ping this issue (or another, better one that has some active discussion and thought attached, gathering a more diverse set of use cases and examples).
While drafting up a replacement for totp can happen over time, removing the few extant instances of its current form needs to happen ASAP. Putting on v0.1.0 accordingly.