> Thanks! Perhaps people like me (never used TOTP outside of my bank's security token; don't have a smart phone; no experience with password managers) are common enough to mention this in the FAQ?
Yes, I think so! I've forwarded this thread along to others working on PyPI as part of the OTF grant, and we'll be figuring out how best to explain using TOTP without being too mobile-centric.
I'm very sympathetic to not wanting to pay a service for the privilege of logging into your own account. 1Password is what came to mind because I happen to use it, but GNOME provides a TOTP client as well[1]. There are also a few others, based on a cursory search.
We also have support for WebAuthn in the pipeline, which will allow you to use a physical security key (or a physical authentication method like a fingerprint, if your device has support for that). That still does require a 1-time purchase for many users (the aforementioned security key), but the proliferation of built-in methods and cheap keys should help mitigate that somewhat.
[1]: https://gitlab.gnome.org/World/Authenticator