[python-committers] Security: please enable 2-factor authentication on GitHub and your email

Paul Moore p.f.moore at gmail.com
Mon Dec 11 09:35:39 EST 2017

On 11 December 2017 at 13:41, Donald Stufft <donald at stufft.io> wrote:
>> On Dec 11, 2017, at 8:04 AM, Paul Moore <p.f.moore at gmail.com> wrote:
>>> On 11 December 2017 at 12:29, Donald Stufft <donald at stufft.io> wrote:
>>> On Dec 11, 2017, at 7:03 AM, Paul Moore <p.f.moore at gmail.com> wrote:
>>> Um, I use https not ssh, as for at least some of the time I'm behind a
>>> firewall that only allows https, not ssh traffic. (I know, I'm sorry -
>>> I can probably be the worst possible corner case for *any* suggestion
>>> that gets made :-))
>>> https://help.github.com/articles/providing-your-2fa-authentication-code/#through-the-command-line
>> I use username and password and git credential manager. Uses the OS
>> password store. I don't know of any way that 2FA integrates with that.
>> If someone can tell me how it does (and it's as unobtrusive as, say
>> gMail which only prompts me if I log on via a previously unused
>> machine) then that's fine. Otherwise not so much.
>> Paul
> Did you read the linked section? You generate a limited scope access token and use that in place of your password for command line usage via https.

Maybe I didn't understand it. Doesn't that leave me in precisely the
same situation as a username/password, in that I have a single set of
credentials I can use? Or is the fact that it's tied to the specific
machine the point here? If so, then thanks, I can certainly use that
should someone decide that mandating 2FA is a good idea (I still
maintain that recommended but not mandatory is better, as my GH
account is not used solely for CPython development, so making such a
change has wider effects than just for this project).


More information about the python-committers mailing list