[python-committers] Security: please enable 2-factor authentication on GitHub and your email
Victor Stinner
victor.stinner at gmail.com
Mon Dec 11 06:19:46 EST 2017
2017-12-11 12:05 GMT+01:00 Stefan Krah <stefan at bytereef.org>:
> https://en.wikipedia.org/wiki/RSA_SecurID#March_2011_system_compromise
> https://gist.github.com/peternixey/1978249
>
> I'm pretty sure my long GitHub-only password is more secure than several
> key-gen algorithms on smart cards ...

I wouldn't comment on the attack on RSA SecurID, but I disagree that a
single password is stronger than password + OTP.

The principle of 2-factor auth is that the attacker has to break
two auths rather than only one. So even if you break RSA SecurID, the
hacker still has to break your ultra secure GitHub-only password ;-)

Victor