[python-committers] Security: please enable 2-factor authentication on GitHub and your email

Antoine Pitrou antoine at python.org
Mon Dec 11 07:58:25 EST 2017

Le 11/12/2017 à 13:55, Victor Stinner a écrit :
> 2017-12-11 13:51 GMT+01:00 Antoine Pitrou <antoine at python.org>:
>> Before recommending anything you/we should first give guidelines and
>> best practices for backup etc.
>> If you lose your 2FA device and don't have some kind of fallback your
>> accounts may be screwed.  As usual, security can conflict with usability
>> and the long-term availability of data.
> Hum, in my first email I wrote:
> """
> * Enable 2-factor auth on GitHub and Bitbucket using Yubikey
> * Print two-step recovery codes on paper and keep it safe somewhere
> """
> Using multiple tokens reduces the risk of losing access to your account.

I don't know what security experts think, but the idea of having to
print and keep around recovery codes (for each and every website I
enable 2FA on!) sounds completely braindead to me.
Do you expect to be able to find back a random piece of paper in 5
years?  I certainly don't.



More information about the python-committers mailing list