Le 16/06/2021 à 10:33, Christian Heimes a écrit :
On 16/06/2021 07.14, Julien Palard via python-committers wrote:
I do use a Yubikey too.
Le 6/14/21 à 11:27 PM, Tim Peters a écrit :
If I buy one and plug it in, and that's the end of it, fine by me
That's almost as simple as you want:
- In Github settings 2FA tab you'll have to hit a "Register a new
security key" button, it make your key "blink" (blinking mean: please
touch the key to allow this action).
- Then every time you login your key blinks and you have to touch it to
allow this action.
And that's it. It uses an open standard called U2F [1] which works on a
variety of setups (it works with Firefox on Debian for example). It also
works on pypi.org \o/.
If the PSF is willing to help financially, I'd recommend everyone to buy
(and register) two keys: a primary key and a backup key in case you
loose or break the first one.
Most sites with MFA support have backup/recovery codes, too. I recommend
that you generate backup codes, print them out and store the printout
with your important documents. It's low tech and safe.
It's as reliable as printing passwords on a piece of paper, isn't it?
_______________________________________________
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at
https://mail.python.org/archives/list/python-committers@python.org/message/XKTCGU4LYKV2T2VVUP3QGPDKFAZO4K34/
Code of Conduct: https://www.python.org/psf/codeofconduct/
