After [some conversation on Mastodon](https://fosstodon.org/@yarmo/107274183854089361) I implemented signing via SSH OTPs. Signing with SSH keys is possible in new versions of SSH so it might not be possible in all systems. More information about SSH signing here: https://www.agwa.name/blog/post/ssh_signatures

How it works:

- First, you set your public key on your account settings.
- Then, next time you need to log in, you can skip your password and instead choose the less comfortable path: click "Sign in with your SSH key instead" to go to which will prompt you with a random number in hexadecimal that you have to sign within 5 minutes and paste the signature in the form to log in.

Here's how it looks:

![SSH signature login](https://nessuent.xyz/sic/ssh_login.png)

This is an experimental/proof of concept thing and obviously it's opt-in.

Here's the [relevant code for authentication](https://github.com/epilys/sic/blob/e059c3b794bbd46e7d3dcb6cb89b9bdc9f9dd946/sic/auth.py#L48-L117) and the [view code for token generation](https://github.com/epilys/sic/blob/e059c3b794bbd46e7d3dcb6cb89b9bdc9f9dd946/sic/views/account.py#L89-L143)

PS: Why SSH and not PGP/FIDO/TLS etc? tl;dr: almost everyone has ssh keys already.
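The challenge-and-signature flow described above, as an added example (not the project code linked in the post): the server issues a single-use hex challenge, enforces the 5-minute window, and checks the pasted signature with `ssh-keygen -Y verify`. The namespace `example-login`, the fixed principal `login`, the in-memory `PENDING` store and the client key path are assumptions, and `ssh-keygen` with `-Y` support must be on the PATH.

```python
import secrets
import subprocess
import tempfile
import time
from pathlib import Path

CHALLENGE_TTL = 5 * 60        # the 5-minute signing window from the post
NAMESPACE = "example-login"   # assumed; must equal the -n value used to sign
PRINCIPAL = "login"           # fixed identity, so user input never reaches -I
PENDING = {}                  # user -> (challenge, issued_at); stand-in for a session store

# Client side (assumed key path), signing the exact bytes with no trailing newline:
#   printf '%s' "$CHALLENGE" | ssh-keygen -Y sign -f ~/.ssh/id_ed25519 -n example-login

def issue_challenge(user, now=None):
    """Store and return a fresh random hex challenge, replacing any older one."""
    challenge = secrets.token_hex(16)
    PENDING[user] = (challenge, time.time() if now is None else now)
    return challenge

def verify_login(user, public_key, signature, now=None):
    """True only for a valid, in-time signature over the user's pending challenge."""
    entry = PENDING.pop(user, None)        # single use: consumed even on failure
    if entry is None:
        return False
    challenge, issued_at = entry
    if (time.time() if now is None else now) - issued_at > CHALLENGE_TTL:
        return False
    key = public_key.strip()
    if not key or "\n" in key or "\r" in key:   # one key only, no injected signer lines
        return False
    with tempfile.TemporaryDirectory() as tmp:
        signers = Path(tmp, "allowed_signers")
        signers.write_text(f"{PRINCIPAL} {key}\n")
        sig_file = Path(tmp, "challenge.sig")
        sig_file.write_text(signature)
        try:
            result = subprocess.run(
                ["ssh-keygen", "-Y", "verify", "-f", str(signers),
                 "-I", PRINCIPAL, "-n", NAMESPACE, "-s", str(sig_file)],
                input=challenge.encode(), capture_output=True, timeout=10)
        except (OSError, subprocess.TimeoutExpired):
            return False                   # ssh-keygen missing or hung: fail closed
    return result.returncode == 0
```

Binding the signature to a namespace with `-n` keeps a signature made for some other purpose with the same key from being accepted as a login.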