❦ 26 April 2020 20:29 +00, Jeremy Stanley:

> You're already seeing quite a few folks responding that being
> required to use an additional application or device each time they
> authenticate would be an inconvenience to them. This is a signal. I
> personally wouldn't enjoy being prompted to activate my TOTP client
> software every time I invoke `git push` so I can understand the
> resistance to your proposal.

This is not how this is implemented. I am using GitHub and GitLab with 2FA enabled and I am rarely asked to enter any token. Once you get authenticated on a device, it remains for a long time. The threat model is to prevent someone stealing your password through phishing/spying/guessing to log in to your account. SSH keys being asymmetrical, they are not covered by this.

-- 
10.0 times 0.1 is hardly ever 1.0.
- The Elements of Programming Style (Kernighan & Plauger)