[python-committers] Security: please enable 2-factor authentication on GitHub and your email

Kushal Das kushaldas at gmail.com
Mon Dec 11 06:27:25 EST 2017


On Mon, Dec 11, 2017 at 4:44 PM, Paul Moore <p.f.moore at gmail.com> wrote:
> On 11 December 2017 at 10:16, Kushal Das <kushaldas at gmail.com> wrote:
>> On a related note, we should ask all committers to enable 2FA and then
>> make the organization 2FA-only on GitHub. That is a standard policy of
>> many organizations on GitHub.
>
> Before making such a requirement, we should ensure that doing so
> doesn't harm usability. For example, I have no idea how 2FA would work
> in conjunction with the command line git client on Windows,
> particularly in terms of *not* prompting on every single activity, but
> caching authentication appropriately. Also we should ensure that there
> are viable 2FA options for people in places where mobile phone signals
> are unreliable or unavailable (I come into that category :-()
>
> Basically, before making such a change, let's ensure it doesn't do
> more harm than good.
>
Understood. The git command line tools work based on your SSH authentication.
2FA will only take place in case of user login using username/password.

Even before we get into long discussions about 2FA and other things, the first
step should be using a nice long passphrase (not password, but passphrase) which
one can remember. And if possible, use a local password manager to store it.

To create the passphrases, one can use the diceware tool
($ pip install diceware).
It is packaged for Debian, and I am working on the Fedora packaging
(in review state).

Kushal
-- 
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in
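
The Diceware method mentioned in the message above, sketched as an added example (not part of the original post and not the diceware package's own code): each word is picked by reading five die rolls as a base-6 index into a 7776-word list, and the rolls come from the OS CSPRNG. The function names and the 36-word sample list (two dice per word) are constructed for illustration.

```python
import math
import secrets

DICE_PER_WORD = 5  # standard Diceware: 5 rolls select one of 6**5 = 7776 words


def roll_to_index(rolls):
    """Map die rolls (each 1-6) to a zero-based word index, read as base-6 digits."""
    index = 0
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError(f"die roll out of range: {r}")
        index = index * 6 + (r - 1)
    return index


def entropy_bits(list_size, num_words):
    """Entropy of num_words words drawn uniformly and independently from the list."""
    return num_words * math.log2(list_size)


def generate(wordlist, num_words=6, dice=DICE_PER_WORD, sep=" "):
    """Build a passphrase, simulating dice with secrets (CSPRNG), never random."""
    if len(wordlist) != 6 ** dice:
        raise ValueError(f"need {6 ** dice} words for {dice} dice, got {len(wordlist)}")
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words lower the real entropy")
    words = []
    for _ in range(num_words):
        rolls = [secrets.randbelow(6) + 1 for _ in range(dice)]
        words.append(wordlist[roll_to_index(rolls)])
    return sep.join(words)


# Constructed 36-word sample list (two dice per word) so the example runs offline.
# A real Diceware list has 7776 entries.
SAMPLE_WORDS = (
    "amber bacon cedar delta ember fable gravel harbor igloo jungle kettle lemon "
    "marble nectar oyster pepper quartz ribbon saddle timber umbra velvet walnut "
    "xenon yonder zipper anchor basket candle dragon engine falcon garden hammer "
    "island jacket"
).split()

if __name__ == "__main__":
    print(generate(SAMPLE_WORDS, num_words=6, dice=2))
    print(f"sample list, 6 words: {entropy_bits(len(SAMPLE_WORDS), 6):.1f} bits")
    print(f"7776-word list, 6 words: {entropy_bits(7776, 6):.1f} bits")
```

The entropy figure only holds when every word is chosen uniformly at random; re-rolling until the phrase "looks nice" or hand-picking words reduces it.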

