By swapping the position of the hardware and software tokens, the ordering of the columns would mirror the degree of security each option generally provides (left:right, least:most). It currently seems arbitrary. Am I missing something?

I love the library and it has been very helpful for me.

Recently, my implementation of speakeasy.totp failed a penetration test. I wrote a writeup on my findings (with a code sample to show how common this can happen with a bad implementation+configuration).

The issue: please improve the documentation (especially arou

It would be helpful to have a comprehensive documentation of the endpoints to help configure Authelia correctly in real life environments.

It might be useful to have a generic system for documenting anything within PrivacyIDEA. However that is a rather large undertaking.

See: #1814

We could have a table for documentation and then add links in this table where it links to.
But the questions would be

• where display the documentation
• to whom display the documention?
  • for users?
  • for admins?

UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 742): UnableToResolveError: Unable to resolve module prop-types from /home/********/Downloads/react-native-phone-verification-master/example/node_modules/react-native-emoji/index

When using TOTP the user password should -always- go to the TOTP app, even if wrong.

It should not say "wrong password" prior to the TOTP app for security reasons. This app should not let the attacker know they have the correct password!

Current behavior:

Attempt login - wrong password - error
Attempt login - correct password - totp - error | This lets the attacker know the password is c

Expected behavior

In the multipass login form, when I click submit, I expect to receive an email to the address I entered.

Observed behavior

caddy crashes with this error when I click submit:

caddy -conf=/etc/caddy/Caddyfile -log stdout
Activating privacy features... done.
multipass for https://test.quickgene.net is initialized
https://test.quickgene.net
2017/01/19 13:01

My phone's OS got messed up, and after reloading a the LineageOS ROM while preserving my files, Android Token no longer sees its database/list of secret keys, so I have lost access to my tokens. I searched but can't find documentation to aid users like me to find what data directory holds the secret keys.

Please add documentation of where on an Android device the secret keys are stored.

Plea

For enabling Telegram Two factor gateway you have to give the command below from the command prompt:

occ twofactorauth:gateway:configure telegram

It would be nice if that step will be integrated in the Nextcloud User Interface as part of the security screen (Administration -> Security). In the screenshot below you can see a simple design of how it can be integrated:

![afbeelding](https:

I'm not a Python expert, but using Ubuntu 16.04 I found the current instructions apparently start python3 by default. In Linux, "python" start Python v2.x while "python3" starts Python v3.x. Meanwhile, "pip" starts the package manager for Python v2.x, so the instruction to install the onetimepass resulted in python3 being unable to import the module.

To fix, I installed pip3:
sudo apt inst

Around access.lua#L429, we should be able to add an ngx.req.set_header call to set a header (X-LSSO-Session -- but configurable?) so that the upstream service can use that as an auth method.

This is particularly useful for web applications supporting proxy auth, such as Grafana. This is a good step toward making lsso more powerfu

If a space is present in a secret key pasted by the user, it is not removed resulting in a wrong secret key.