[python-committers] Security: please enable 2-factor authentication on GitHub and your email

Steve Dower steve.dower at python.org
Mon Dec 11 15:04:45 EST 2017

On 11Dec2017 0504, Paul Moore wrote:
> On 11 December 2017 at 12:29, Donald Stufft <donald at stufft.io> wrote:
>> On Dec 11, 2017, at 7:03 AM, Paul Moore <p.f.moore at gmail.com> wrote:
>> Um, I use https not ssh, as for at least some of the time I'm behind a
>> firewall that only allows https, not ssh traffic. (I know, I'm sorry -
>> I can probably be the worst possible corner case for *any* suggestion
>> that gets made :-))
>> https://help.github.com/articles/providing-your-2fa-authentication-code/#through-the-command-line
> I use username and password and git credential manager. Uses the OS
> password store. I don't know of any way that 2FA integrates with that.
> If someone can tell me how it does (and it's as unobtrusive as, say
> gMail which only prompts me if I log on via a previously unused
> machine) then that's fine. Otherwise not so much.

On Windows, recent versions of git will pop up GUI login prompt that can 
do 2FA. Then it gets cached as normal (and may occasionally pop up again 
when the token expires).

Make sure your copy of git is up to date (which you should do anyway 
because of the recent vulnerabilities in submodule resolution) and then 
2FA is totally doable.

(Only caveat, I get my copy of git for Windows via the VS 2017 
installer. I'm pretty sure nothing extra gets added to this, but it's 
possible that a special credential manager does.)


More information about the python-committers mailing list