On Mon, Jul 18, 2016 at 9:13 AM, Adrian Turjak <adriant at catalyst.net.nz> wrote: > We need an MFA solution, and this doesn't seem like too terrible an option. One thing to note here is that the credentials for TOTP stored in the keystone credentials backend are not encrypted. So a breach of your database could expose those to an attacker. This is a review[1] to fix this issue that is close to merging. 1. https://review.openstack.org/#/c/317169/ -- David blog: http://www.traceback.org twitter: http://twitter.com/dstanek www: http://dstanek.com