
Deactivation of the possibility to deactivate 2FA via rescue mode (Linux) - 2FA PAM module doesn't make sense


I got interested in 2FA for logging in to Linux (PAM Google Authenticator).

The problem is that from the rescue boot level it can be easily disabled, which means that if someone has physical access to the machine, it doesn't matter.

In that case, in Ubuntu, in what way can I deactivate the ability to disable 2FA or, in drastic cases, completely remove the ability to use rescue mode?

Alternatively, are there any other similar solutions of this type (i.e. 2FA for the system)?

If someone has physical access to the machine, and you don't have full disk encryption, then basically all bets are off. Do you have the disk encrypted?
xaveti:
The drive is one thing, but someone may know the encryption password (CPU god mode - motherboard backdoor, compromised BIOS, etc.) and the login password. 2FA protects against this much better. I would like to be sure that 2FA will always be active and no one will turn it off.