11 Dec
2017
10:16 a.m.
On Mon, Dec 11, 2017 at 3:28 PM, Victor Stinner victor.stinner@gmail.com wrote:
Hi,
The next step was to enable 2-factor authentication on GitHub and Bitbucket:
- Configure the yubikey to generate an OTP for GitHub (for "long press" on the key)
- Firefox: install https://addons.mozilla.org/fr/firefox/addon/u2f-support-add-on/ to use Yubikey with GitHub (sadly, the plugin doesn't work with Bitbucket nor Google yet)
- Enable 2-factor auth on GitHub and Bitbucket using Yubikey
- Print two-step recovery codes on paper and keep them safe somewhere
If you cannot afford a Yubikey, don't or cannot use it, you may want to use FreeOTP: free OTP application for a smartphone (I'm using it on Android), usable with GitHub, Bitbucket, Google, etc. It's not exclusive, you can have multiple 2-factor keys (Yubikey, FreeOTP, something else).
On a related note, we should ask all committers to enable 2FA and then make the organization 2FA only on GitHub. That is a standard policy of many organizations on GitHub.
Kushal
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in