Support for two-factor authentication

[sciurus]

In addition to verifying the user's SSH key, the hologram server should optionally require two-factor authentication using one-time passwords.

[epall]

Yes! Though passphrase + SSH key is basically two factors already, we should support IAM Multi-Factor Auth.

[sciurus]

I was wondering abut SSH key security; do you have a way of enforcing a passphrase?

[gaylatea]

It's probably outside the scope of Hologram to try and enforce passphrases; we just delegate to the user's ssh-agent for that. Better development environment setup tools should take care of that.

wrt Multi-Factor Auth, we were unsure of how to get the UX right for it. Ideally Hologram is invisible to the user unless they need to change roles. Is it possible to just do the MFA dance once, whenever you do hologram me or hologram use [role]?

[copumpkin]

I was actually thinking about this a bit more, and think it could add additional security. It's probably most relevant for cross-account access (which will probably become more useful after authorization support in #14), but supporting IAM MFA functionality would allow people to place less trust in the hologram server.

Scenario without MFA:

• High-security account trusts hologram role to allow users to assume it.
• Hologram server, if compromised/buggy, could grant arbitrary access to high-security account

Scenario with MFA:

• High-security account trusts hologram role + MFA
• Hologram server can only grant access to high-security account with additional factor that is not in its possession. It could still do bad things with an MFA token passing through it but it would expire and would thus limit the potential for bad behavior.

I still don't have a good sense of what a UI would look like though 😄