❦ 26 avril 2020 20:29 +00, Jeremy Stanley: > You're already seeing quite a few folks responding that being > required to use an additional application or device each time they > authenticate would be an inconvenience to them. This is a signal. I > personally wouldn't enjoy being prompted to activate my TOTP client > software every time I invoke `git push` so I can understand the > resistance to your proposal.
This is not how this is implemented. I am using GitHub and GitLab with
2FA enabled and I am rarely asked to enter any token. Once you get
authenticated on a device, it remains for a long time. The model threat
is to prevent someone stealing your password through
phishing/spying/guessing to login into your account. SSH keys being
asymmetrical, they are not covered by this.
--
10.0 times 0.1 is hardly ever 1.0.
- The Elements of Programming Style (Kernighan & Plauger)
signature.asc
Description: PGP signature
