[Distutils] Password security

Nick Coghlan ncoghlan at gmail.com
Wed Sep 4 17:35:46 CEST 2013


On 5 September 2013 01:31, Donald Stufft <donald at stufft.io> wrote:
>
> On Sep 4, 2013, at 11:28 AM, Nick Coghlan <ncoghlan at gmail.com> wrote:
>
>> The *best* answer is for a service to use 2-factor authentication
>> instead of relying entirely on passwords (the "physical object" Donald
>> mentioned earlier), but we don't have the resources to set that up,
>> and certainly can't require it for all PyPI users (since you either
>> need a physical token or a phone capable of running an app like Google
>> Authenticator).
>
> PyPI will gain 2 Factor Auth support in Warehouse. It's something I feel strongly
> about and am going to make it work. It obviously won't be required for the
> reasons you listed, but if folks turn it on then it'll be required for their account.
> Likely also projects will be able to require that their projects themselves get
> modified only by an account with 2FA enabled as well.

Yay, that's great news! :)

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

