[python-committers] Security: please enable 2-factor authentication on GitHub and your email

R. David Murray rdmurray at bitdance.com
Mon Dec 11 15:11:47 EST 2017

On Mon, 11 Dec 2017 14:52:54 -0500, "R. David Murray" <rdmurray at bitdance.com> wrote:
> Indeed.  If 2fa is required for contribution to CPython, I'll stop
> contributing.  Granted, I haven't done many merges lately, but a few
> is a bigger number than zero :)

And in case you think this means I don't consider security important:
I have been using strong, unique-per-site passwords (and in many cases
unique usernames/emails) for many years, and I run my own email server.


Aside: something I have never understood is the relatively recent
craze for enter-username-first-then-go-to-password-screen.  Most of the
implementations I have encountered tell you if the username is unknown.
That reduces the cracker's search space by a considerable amount.  Using
your email address as the account id has the same problem, magnified.
I had already started using unique usernames/emails before that trend
happened, to battle spam, but it certainly reinforced my motivation for
doing so.  I unfortunately haven't gotten around to backfilling a lot
of the sites I did sign up to using my primary email address :(

More information about the python-committers mailing list