On 16/06/2021 at 10:33, Christian Heimes wrote:
On 16/06/2021 07.14, Julien Palard via python-committers wrote:
I do use a Yubikey too.
On 6/14/21 at 11:27 PM, Tim Peters wrote:
If I buy one and plug it in, and that's the end of it, fine by me
That's almost as simple as you want:
In the GitHub settings 2FA tab you'll have to hit a "Register a new security key" button; it makes your key "blink" (blinking means: please touch the key to allow this action).
Then every time you log in, your key blinks and you have to touch it to allow this action.
And that's it. It uses an open standard called U2F [1] which works on a variety of setups (it works with Firefox on Debian for example). It also works on pypi.org \o/.
If the PSF is willing to help financially, I'd recommend everyone to buy (and register) two keys: a primary key and a backup key in case you lose or break the first one.
Most sites with MFA support have backup/recovery codes, too. I recommend that you generate backup codes, print them out and store the printout with your important documents. It's low tech and safe.
It's as reliable as printing passwords on a piece of paper, isn't it?