Two-factor security

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Two-factor security

Tom Breloff
I'd like to make a request of the community... can everyone please turn on two-factor security on Github?  There are a lot of people with commit access to both core julia and critical organizations/packages that don't have it on, and it puts many projects at risk.  It really doesn't take too much effort, and it goes a long way to preventing a potential mess.  Thanks!
Reply | Threaded
Open this post in threaded view
|

Re: Two-factor security

Stefan Karpinski
This is a good idea. Of course the last time I tried this, there were some significant annoyances. Do those seem to have been resolved?

On Thursday, November 12, 2015, Tom Breloff <[hidden email]> wrote:
I'd like to make a request of the community... can everyone please turn on two-factor security on Github?  There are a lot of people with commit access to both core julia and critical organizations/packages that don't have it on, and it puts many projects at risk.  It really doesn't take too much effort, and it goes a long way to preventing a potential mess.  Thanks!
Reply | Threaded
Open this post in threaded view
|

Re: Two-factor security

Tom Breloff
What were the significant annoyances? (besides the obvious that it's an extra step to log in)

On Thu, Nov 12, 2015 at 10:25 AM, Stefan Karpinski <[hidden email]> wrote:
This is a good idea. Of course the last time I tried this, there were some significant annoyances. Do those seem to have been resolved?


On Thursday, November 12, 2015, Tom Breloff <[hidden email]> wrote:
I'd like to make a request of the community... can everyone please turn on two-factor security on Github?  There are a lot of people with commit access to both core julia and critical organizations/packages that don't have it on, and it puts many projects at risk.  It really doesn't take too much effort, and it goes a long way to preventing a potential mess.  Thanks!

Reply | Threaded
Open this post in threaded view
|

Re: Two-factor security

Rob J. Goedman
One annoyance, which made me turn off two-factor security for github, is that Pkg.update() will fail for private packages.

Regards,
Rob


On Nov 12, 2015, at 7:29 AM, Tom Breloff <[hidden email]> wrote:

What were the significant annoyances? (besides the obvious that it's an extra step to log in)

On Thu, Nov 12, 2015 at 10:25 AM, Stefan Karpinski <[hidden email]> wrote:
This is a good idea. Of course the last time I tried this, there were some significant annoyances. Do those seem to have been resolved?


On Thursday, November 12, 2015, Tom Breloff <[hidden email]> wrote:
I'd like to make a request of the community... can everyone please turn on two-factor security on Github?  There are a lot of people with commit access to both core julia and critical organizations/packages that don't have it on, and it puts many projects at risk.  It really doesn't take too much effort, and it goes a long way to preventing a potential mess.  Thanks!


Reply | Threaded
Open this post in threaded view
|

Two-factor security

Kristoffer Carlsson
In reply to this post by Tom Breloff
Activated. Thanks for the tip.
Reply | Threaded
Open this post in threaded view
|

Re: Two-factor security

Stefan Karpinski
In reply to this post by Tom Breloff
Not allowing me to authenticate in certain fairly unfortunate situations. It was some time ago, I don't recall the details.

On Thu, Nov 12, 2015 at 10:29 AM, Tom Breloff <[hidden email]> wrote:
What were the significant annoyances? (besides the obvious that it's an extra step to log in)

On Thu, Nov 12, 2015 at 10:25 AM, Stefan Karpinski <[hidden email]> wrote:
This is a good idea. Of course the last time I tried this, there were some significant annoyances. Do those seem to have been resolved?


On Thursday, November 12, 2015, Tom Breloff <[hidden email]> wrote:
I'd like to make a request of the community... can everyone please turn on two-factor security on Github?  There are a lot of people with commit access to both core julia and critical organizations/packages that don't have it on, and it puts many projects at risk.  It really doesn't take too much effort, and it goes a long way to preventing a potential mess.  Thanks!


Reply | Threaded
Open this post in threaded view
|

Re: Two-factor security

Steve Kelly

For a while Pkg wouldn't work with TFA, but I believe that is resolved on 0.4.

On Nov 12, 2015 11:01 AM, "Stefan Karpinski" <[hidden email]> wrote:
Not allowing me to authenticate in certain fairly unfortunate situations. It was some time ago, I don't recall the details.

On Thu, Nov 12, 2015 at 10:29 AM, Tom Breloff <[hidden email]> wrote:
What were the significant annoyances? (besides the obvious that it's an extra step to log in)

On Thu, Nov 12, 2015 at 10:25 AM, Stefan Karpinski <[hidden email]> wrote:
This is a good idea. Of course the last time I tried this, there were some significant annoyances. Do those seem to have been resolved?


On Thursday, November 12, 2015, Tom Breloff <[hidden email]> wrote:
I'd like to make a request of the community... can everyone please turn on two-factor security on Github?  There are a lot of people with commit access to both core julia and critical organizations/packages that don't have it on, and it puts many projects at risk.  It really doesn't take too much effort, and it goes a long way to preventing a potential mess.  Thanks!


Reply | Threaded
Open this post in threaded view
|

Re: Two-factor security

Lachlan Gunn
I've put in a feature request with Github about adding an API call that would let one use 2FA with command-line git using a credential helper, though the odds of it coming to anything are probably slim.

On Thursday, 12 November 2015 17:19:16 UTC+1, Steve Kelly wrote:

For a while Pkg wouldn't work with TFA, but I believe that is resolved on 0.4.

On Nov 12, 2015 11:01 AM, "Stefan Karpinski" <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="0SHZJmgmBAAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">ste...@...> wrote:
Not allowing me to authenticate in certain fairly unfortunate situations. It was some time ago, I don't recall the details.

On Thu, Nov 12, 2015 at 10:29 AM, Tom Breloff <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="0SHZJmgmBAAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">t...@...> wrote:
What were the significant annoyances? (besides the obvious that it's an extra step to log in)

On Thu, Nov 12, 2015 at 10:25 AM, Stefan Karpinski <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="0SHZJmgmBAAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">ste...@...> wrote:
This is a good idea. Of course the last time I tried this, there were some significant annoyances. Do those seem to have been resolved?


On Thursday, November 12, 2015, Tom Breloff <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="0SHZJmgmBAAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">t...@...> wrote:
I'd like to make a request of the community... can everyone please turn on two-factor security on Github?  There are a lot of people with commit access to both core julia and critical organizations/packages that don't have it on, and it puts many projects at risk.  It really doesn't take too much effort, and it goes a long way to preventing a potential mess.  Thanks!


Reply | Threaded
Open this post in threaded view
|

Re: Two-factor security

Andreas Lobinger
In reply to this post by Tom Breloff
Hello colleague,

On Thursday, November 12, 2015 at 3:29:27 PM UTC+1, Tom Breloff wrote:
There are a lot of people with commit access to both core julia and critical organizations/packages that don't have it on

How can you know that?

Wishing a happy day,
       Andreas
Reply | Threaded
Open this post in threaded view
|

Re: Two-factor security

Seth
If you're an "owner" (or whatever the new term is in github-speak) of a repository, you can see a list of members and their 2FA status under the "People" tab. Those members w/o 2FA have a red warning triangle next to their names.

Seth.


On Sunday, November 15, 2015 at 2:29:16 AM UTC-8, Andreas Lobinger wrote:
Hello colleague,

On Thursday, November 12, 2015 at 3:29:27 PM UTC+1, Tom Breloff wrote:
There are a lot of people with commit access to both core julia and critical organizations/packages that don't have it on

How can you know that?

Wishing a happy day,
       Andreas