On Mon, Dec 11, 2017 at 12:19:46PM +0100, Victor Stinner wrote:
> 2017-12-11 12:05 GMT+01:00 Stefan Krah <ste...@bytereef.org>:
> > https://en.wikipedia.org/wiki/RSA_SecurID#March_2011_system_compromise
> > https://gist.github.com/peternixey/1978249
> >
> > I'm pretty sure my long GitHub-only password is more secure than several
> > key-gen algorithms on smart cards ...
>
> I wouldn't comment the attack on RSA SecurID, but I disagree that a
> single password is stronger than password + OTP.
>
> The principle of the 2-factor auth is that the attacker has to break
> two auths rather than only one. So even if you break RSA SecurID, the
> hacker still has to break your ultra secure GitHub-only password ;-)

Well sure, but the bureaucracy increases and ultimately the entity being
protected is still a ruby on rails web app (at least that's what I have
heard, I may be wrong).

Ssh isn't available everywhere, I don't want to install an app or give out
my phone number to half of Silicon Valley [1].

Buying a GitHub-only sim card would be an option still...


Stefan Krah


[1] Which is probably the real reason why 2FA is so popular.

_______________________________________________
python-committers mailing list
python-committers@python.org
https://mail.python.org/mailman/listinfo/python-committers
Code of Conduct: https://www.python.org/psf/codeofconduct/