improve usability for when the second "password" is a one-time-code
[Also filed as https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/44, because I don't know how NetworkManager, NetworkManager-openconnect and openconnect interact in this regard and which project is responsible for what part of the user experience.]
My employer recently rolled out two factor authentication to their VPN. For connecting to the VPN, they recommended Cisco AnyConnect, with "Second Password" being a one-time-code obtained through a smartphone app.
Instead of AnyConnect, I've installed NetworkManager-openconnect-gnome 1.2.4
through NixOS' networkmanager-openconnect
attribute. Because my account password (i.e. the "first password" in the dialog) is complex, I've checked "Save passwords" in the dialog that appeared when first connecting to the VPN with that.
As "passwords" is plural in the checkbox' label, I did expect that to save both "passwords". Though I did not expect that it wouldn't show the dialog again when connecting again and instead automatically try to log in with the saved credentials. But that's what it did, thereby locking my account, as the one-time-code from the first time was already used and not valid anymore. (Whether my employer locks accounts already after one failed authentication attempt or whether NetworkManager/OpenConect tried automatically multiple times I don't know.)
My account was unlocked again by the IT department and I've unchecked the checkbox so this won't happen again.
However it'd be nice to
- have some indication that storing both "passwords" will enable automatic log-on rather than just pre-filling the input fields
- have the option to only store one of the "passwords" and still be prompted for the other