[Semibug] Security question
_ at thomaslevine.com
Sun Apr 7 17:29:55 EDT 2019
If you are using OpenSSH or similar, I thing you should be more
concerned about tampering of phone operating system rather than
tampering of the data transfer. So one approach is just to get
a Librem 5.
Either way, consider how to address physical access to the phone.
I have used TOTP, carrying another, non-networked device for generating
one-time passwords. I was not logging into an OpenBSD system, but you
could do that with login_otp. I might set it up myself, actually.
With a separate TOTP device, the attacker needs to steal two devices
instead of just one, and the attacker would need to do more than copying
of the certificate or installing a keylogger.
More information about the Semibug