On Mon, Apr 18, 2022 at 6:28 PM Thomas Wouters <thomas@python.org> wrote:

The SC has decided to move ahead and require 2FA for GitHub. Since the controls are per org, rather than per repo, this will apply to everything under the 'python' repo.

I meant "everything under the 'python' org", of course, sigh.
 
We've asked Ee (the PSF's Director of Infrastructure) to start contacting accounts that don't have 2FA enabled, including bots, in preparation for this. We'll decide on an actual date we start requiring 2FA once we have a clear picture of what bots still need updating, but in the meantime I recommend everyone switch on 2FA of some kind, if you haven't already. (As mentioned before, if you want hardware tokens, the PSF can supply those.)


On Tue, Feb 8, 2022 at 12:11 AM Brett Cannon <brett@python.org> wrote:
In the SC meeting today we discussed requiring two-factor authentication (aka 2FA/MFA) and came away strongly considering it (but no definitive plans yet). But we did agree that we should send a quick email encouraging everyone to turn on 2FA for their GitHub accounts regardless of what we decide to do.

GitHub's instructions can be found at https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication . You can use various apps on your desktop or phone as well as a physical device to manage 2FA. And to be clear, you only need access to your 2FA solution when you log in; it's not a day-to-day action at all (I personally have not used my 2FA since the last time I logged into a new device for the first time or when my GitHub account was attacked and the attackers exhausted my password attempts for the day).

For those of you who would prefer to use a hardware device and would like help getting one, we can make a request to the PSF to sponsor devices for those who want them.
_______________________________________________
python-committers mailing list -- python-committers@python.org
Message archived at https://mail.python.org/archives/list/python-committers@python.org/message/2UC5H7WWJZDA2K7XM5CLAZIX3KWJ2ASK/


--
Thomas Wouters <thomas@python.org>


