- Oct 3, 2022
- 520
If the admin password is known or leaked via keyloggers etc, it is a major problem. To address that, I use 2FA. It requires something you have (a key) in addition to something you know (a password). Gnome has support for YubiKeys and Google Authenticator. Yubikeys cost $25 and is an offline 2FA method supported by Login via Google (aka PassKeys) and is usable also by sudo; and the cell phone Google Authenticator app is free. How to guide: https://support.yubico.com/hc/en-us/...ogin-Guide-U2F . (There are only 2 packages to install and you can save the packages (/var/cache/apt/archives/ ) and configuration files for easy future re-deployment ) Also, it does not require you to be online.
Last edited: