[python-committers] Security: please enable 2-factor authentication on GitHub and your email

Paul Moore p.f.moore at gmail.com
Mon Dec 11 07:03:54 EST 2017


On 11 December 2017 at 11:27, Kushal Das <kushaldas at gmail.com> wrote:
> On Mon, Dec 11, 2017 at 4:44 PM, Paul Moore <p.f.moore at gmail.com> wrote:
>> On 11 December 2017 at 10:16, Kushal Das <kushaldas at gmail.com> wrote:
>>> On a related note, we should ask all committers to enable 2FA and then
>>> make the organization 2FA-only on GitHub. That is a standard policy of
>>> many organizations on GitHub.
>>
>> Before making such a requirement, we should ensure that doing so
>> doesn't harm usability. For example, I have no idea how 2FA would work
>> in conjunction with the command line git client on Windows,
>> particularly in terms of *not* prompting on every single activity, but
>> caching authentication appropriately. Also we should ensure that there
>> are viable 2FA options for people in places where mobile phone signals
>> are unreliable or unavailable (I come into that category :-()
>>
>> Basically, before making such a change, let's ensure it doesn't do
>> more harm than good.
>>
> Understood, the git command line tools work based on your ssh authentication.
> 2FA will only take place in case of user login using username/password.

Um, I use https not ssh, as for at least some of the time I'm behind a
firewall that only allows https, not ssh traffic. (I know, I'm sorry -
I can probably be the worst possible corner case for *any* suggestion
that gets made :-))

Paul

PS I'm not against the idea as a recommended practice - just concerned
about making it mandatory.

