[python-committers] Security: please enable 2-factor authentication on GitHub and your email
alex.gaynor at gmail.com
Mon Dec 11 08:00:37 EST 2017
It's possible to generate a key on a regular computer and transfer it to a
YubiKey if you prefer. (It's not like software key generation has been
flawless either; [OpenSSL/Debian fiasco]. Oh well, such is life).
Even if you're not going to put your SSH keys on a YubiKey, I _strongly_
encourage folks to get a Security Key (aka U2F device), of which YubiKeys
are one brand, and use it for 2FA with Google/Github/Facebook/etc. In
addition to (IMO) being more usable than Google Authenticator, Security
Keys are resistant to phishing, which is a huge win.
On Mon, Dec 11, 2017 at 7:57 AM, Stefan Krah <stefan at bytereef.org> wrote:
> On Mon, Dec 11, 2017 at 01:47:50PM +0100, Victor Stinner wrote:
> > 2017-12-11 13:29 GMT+01:00 Stefan Krah <stefan at bytereef.org>:
> > > Ssh isn't available everywhere, I don't want to install an app or give
> > > out my phone number to half of Silicon Valley .
> > SMS and FreeOTP are just a few options that you have to generate/get OTP.
> > I suggest to use Yubikey. It doesn't need to install an app or to give
> > your phone number, but it costs 50$. The advantage is that you can use
> > it to store your SSH and GPG keys.
> I'm not a fan of hardware key generation. :-)
> "In October 2017, security researchers found a vulnerability (known as
> ROCA) in the implementation of RSA keypair generation in a cryptographic
> library used by a large number of Infineon security chips. The
> vulnerability allows an attacker to reconstruct the private key by using
> the public key. All YubiKey 4, YubiKey 4C, and YubiKey 4 nano
> within the revisions 4.2.6 to 4.3.4 are affected by this vulnerability.
> Yubico publicized a tool to check if a Yubikey is affected and replaces
> affected tokens for free."
> python-committers mailing list
> python-committers at python.org
> Code of Conduct: https://www.python.org/psf/codeofconduct/
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the python-committers