[python-committers] Security: please enable 2-factor authentication on GitHub and your email

Kushal Das kushaldas at gmail.com
Mon Dec 11 05:16:23 EST 2017

On Mon, Dec 11, 2017 at 3:28 PM, Victor Stinner
<victor.stinner at gmail.com> wrote:
> Hi,

> The next step was to enable 2-factor authentication on GitHub and Bitbucket:
> * Configure the yubikey to generate an OTP for GitHub (for "long
> press" on the key)
> * Firefox: install
> https://addons.mozilla.org/fr/firefox/addon/u2f-support-add-on/ to use
> Yubikey with GitHub (sadly, the plugin doesn't work with Bitbucket nor
> Google yet)
> * Enable 2-factor auth on GitHub and Bitbucket using Yubikey
> * Print two-step recoverty codes on paper and keep it safe somewhere
> If you cannot affort a Yubikey, don't or cannot use it, you may want
> to use FreeOTP: free OTP application for a smartphone (I'm using it on
> Android), usable with GitHub, Bitbucket, Google, etc. It's not
> exclusive, you can have multiple 2-factor keys (Yubikey, FreeOTP,
> something else).

On a related note, we should ask all committers to enable 2FA and then
make the organization to 2FA only on github. That is a standard policy of
many organizations on github.

CPython Core Developer
Director, Python Software Foundation

More information about the python-committers mailing list