curl / Mailing Lists / curl-library / Single Mail

curl-library

Do you 2FA on github?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 21 Aug 2017 10:41:50 +0200 (CEST)

Hi friends!

TLDR: can we make two-factor authentication (2FA) mandatory for curl members
on github?

On github right now we have 24 team members who have push access to the curl
git repository and who show up with "owner" tag when they post comments on
issues or pull-requests.

Yet roughly half of us have not enabled 2FA on github, making these accounts
vulnerable for attackers. If an attacker would manage to compromise a member's
github account, that could be used to send comments in that person's name but
also to change SSH keys and thus push commits to the repositories.

In order to drastically reduce the risk of this, I would like to *require* 2FA
enabled on github for members of the curl organization (and thus those who can
push to git).

Or is there a good and valid reason why some people haven't yet enabled 2FA?

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Received on 2017-08-21

This message: [ Message body ]
Next message: Daniel Stenberg: "inactive curl "owners""
Previous message: Ray Satiro via curl-library: "Re: connecting to multiple hosts (who have the same identical SSL cert) simultaneously using libcurl multi interface"
Next in thread: Marcel Raad via curl-library: "RE: **SPAM**Do you 2FA on github?"
Reply: Marcel Raad via curl-library: "RE: **SPAM**Do you 2FA on github?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]