[eduVPN-deploy] Any YubiKey OTP users?!

[François Kooman]

Hi all,

I'm considering removing YubiKey OTP support from Let's Connect!/eduVPN.
This for a number of reasons:

1. It seems it is currently not widely used;
2. It depends on proprietary YubiCo "cloud service";
3. It requires a hardware token that works only when you have a USB port
as far as I know;
4. It does not protect against "phishing", so doesn't add much to TOTP;
5. We already have TOTP that is a lot more popular.

In the future I want to add WebAuth / U2F support in the software to
restore "hardware token" 2FA support.

If you want to see whether any of your users use YubiKey OTP, you can
check https://vpn.example/vpn-admin-portal/users and Ctrl/Cmd+F for
"YubiKey".

In the coming release, YubiKey OTP will be disabled by default (on new
deployments), but can still be enabled by the administrator.

Any opinions?

Regards,
François