Having recently rolled out Yubikeys at 5apps and using them for a range of things (from pw manager to SSH), I was wondering about adding similar security options to my remoteStorage account.
Now, it’s of course possible to add 2-factor auth for our normal 5apps login without thinking about the RS spec. The idea would be that after the connect, you have to have a second factor in addition to your bearer token in order to get an authenticated session for your IP for a certain amount of time for example.
If we specified an abstract version of “send string to server, expect positive or negative response”, and probably an addition of the 2FA methods supported by the storage provider (e.g. U2F, Yubikey, Authy etc.), we might be able to make this extensible for any possible 2FA method.
This is just a quick thought so far. Maybe you have opinions about the need and/or the feasability of something like this?