[python-committers] Security: please enable 2-factor authentication on GitHub and your email

Victor Stinner victor.stinner at gmail.com
Mon Dec 11 06:19:46 EST 2017

2017-12-11 12:05 GMT+01:00 Stefan Krah <stefan at bytereef.org>:
> https://en.wikipedia.org/wiki/RSA_SecurID#March_2011_system_compromise
> https://gist.github.com/peternixey/1978249
> I'm pretty sure my long GitHub-only password is more secure than several
> key-gen algorithms on smart cards ...

I wouldn't comment the attack on RSA SecurID, but I disagree that a
single password is stronger than password + OTP.

The principle of the 2-factor auth is that the attacker has to break
two auths rather than only one. So even if you break RSA SecurID, the
hacker still has to break your ultra secure GitHub-only password ;-)


More information about the python-committers mailing list