[Distutils] Password security

Antoine Pitrou antoine at python.org
Wed Sep 4 17:53:34 CEST 2013


Donald Stufft <donald <at> stufft.io> writes:
> 
> On Sep 4, 2013, at 11:28 AM, Nick Coghlan <ncoghlan <at> gmail.com> wrote:
> 
> > The *best* answer is for a service to use 2-factor authentication
> > instead of relying entirely on passwords (the "physical object" Donald
> > mentioned earlier), but we don't have the resources to set that up,
> > and certainly can't require it for all PyPI users (since you either
> > need a physical token or a phone capable of running an app like Google
> > Authenticator).
> 
> PyPI will gain 2 Factor Auth support in Warehouse. It's something I feel
> strongly about and am going to make it work. It obviously won't be required
> for the reasons you listed it but if folks turn it on then it'll be required
> for their account.
> Likely also projects will be able to require that their projects themselves
> get modified only by an account with 2FA enabled as well.

What would the second factor be in this case?
(besides the usual password-based or OpenID-based auth factor?)

Regards

Antoine.



