[python-committers] Security: please enable 2-factor authentication on GitHub and your email
Stefan Krah
stefan at bytereef.org
Mon Dec 11 07:29:36 EST 2017
On Mon, Dec 11, 2017 at 12:19:46PM +0100, Victor Stinner wrote:
> 2017-12-11 12:05 GMT+01:00 Stefan Krah <stefan at bytereef.org>:
> > https://en.wikipedia.org/wiki/RSA_SecurID#March_2011_system_compromise
> > https://gist.github.com/peternixey/1978249
> >
> > I'm pretty sure my long GitHub-only password is more secure than several
> > key-gen algorithms on smart cards ...
>
> I wouldn't comment the attack on RSA SecurID, but I disagree that a
> single password is stronger than password + OTP.
>
> The principle of the 2-factor auth is that the attacker has to break
> two auths rather than only one. So even if you break RSA SecurID, the
> hacker still has to break your ultra secure GitHub-only password ;-)
Well sure, but the bureaucracy increases and ultimately the entity being
protected is still a ruby on rails web app (at least that's what I have
heard, I may be wrong).
Ssh isn't available everywhere, I don't want to install an app or give
out my phone number to half of Silicon Valley [1].
Buying a GitHub-only sim card would be an option still...
Stefan Krah
[1] Which is probably the real reason why 2FA is so popular.
More information about the python-committers
mailing list