[python-committers] Security: please enable 2-factor authentication on GitHub and your email
Antoine Pitrou
antoine at python.org
Mon Dec 11 07:51:19 EST 2017
Le 11/12/2017 à 13:47, Victor Stinner a écrit :
> 2017-12-11 13:29 GMT+01:00 Stefan Krah <stefan at bytereef.org>:
>> Ssh isn't available everywhere, I don't want to install an app or give
>> out my phone number to half of Silicon Valley [1].
>
> SMS and FreeOTP are just a few options that you have to generate/get OTP.
>
> I suggest to use Yubikey. It doesn't need to install an app or to give
> your phone number, but it costs 50$. The advantage is that you can use
> it to store your SSH and GPG keys.
Before recommending anything you/we should first give guidelines and
best practices for backup etc.
If you lose your 2FA device and don't have some kind of fallback your
accounts may be screwed. As usual, security can conflict with usability
and the long-term availability of data.
Regards
Antoine.
More information about the python-committers
mailing list