[python-committers] Security: please enable 2-factor authentication on GitHub and your email
R. David Murray
rdmurray at bitdance.com
Mon Dec 11 15:11:47 EST 2017
On Mon, 11 Dec 2017 14:52:54 -0500, "R. David Murray" <rdmurray at bitdance.com> wrote:
> Indeed. If 2fa is required for contribution to CPython, I'll stop
> contributing. Granted, I haven't done many merges lately, but a few
> is a bigger number than zero :)
And in case you think this means I don't consider security important:
I have been using strong, unique-per-site passwords (and in many cases
unique usernames/emails) for many years, and I run my own email server.
--David
Aside: something I have never understood is the relatively recent
craze for enter-username-first-then-go-to-password-screen. Most of the
implementations I have encountered tell you if the username is unknown.
That reduces the cracker's search space by a considerable amount. Using
your email address as the account id has the same problem, magnified.
I had already started using unique usernames/emails before that trend
happened, to battle spam, but it certainly reinforced my motivation for
doing so. I unfortunately haven't gotten around to backfilling a lot
of the sites I did sign up to using my primary email address :(
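
An added illustration of the aside above (not part of the original message, and not code from any site it alludes to): a username-first login step that reveals whether an account exists, next to one whose response and hashing work are the same for known and unknown names. The function names, the `USERS` store and the sample account are all hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed value, kept low so the example runs quickly


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed account store; the name and password are sample data.
USERS = {"alice": _make_user("correct horse battery staple")}
# Dummy record so an unknown username costs the same hashing work as a known one.
_DUMMY = _make_user("placeholder-never-matches")


def username_step_leaky(username: str) -> dict:
    """Username-first screen that reveals whether the account exists."""
    if username not in USERS:
        return {"status": 404, "message": "Unknown username"}
    return {"status": 200, "message": "Enter your password"}


def username_step_uniform(username: str) -> dict:
    """Same screen, but the response never depends on the lookup result."""
    return {"status": 200, "message": "Enter your password"}


def password_step(username: str, password: str) -> dict:
    """Verify credentials with one generic failure for every cause."""
    record = USERS.get(username, _DUMMY)
    candidate = _hash(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])
    # The membership check stops the dummy record from ever granting access.
    if matches and username in USERS:
        return {"status": 200, "message": "Signed in"}
    return {"status": 401, "message": "Invalid username or password"}
```

Registration and password-reset forms need the same uniform treatment, otherwise they disclose the same fact the login screen hides.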