Donald Stufft <donald <at> stufft.io> writes: > > On Sep 4, 2013, at 11:28 AM, Nick Coghlan <ncoghlan <at> gmail.com> wrote: > > > The *best* answer is for a service to use 2-factor authentication > > instead of relying entirely on passwords (the "physical object" Donald > > mentioned earlier), but we don't have the resources to set that up, > > and certainly can't require it for all PyPI users (since you either > > need a physical token or a phone capable of running an app like Google > > Authenticator). > > PyPI will gain 2 Factor Auth support in Warehouse. It's something I feel strongly > about and am going to make it work. It obviously won't be required for the > reasons you listed it but if folks turn it on then it'll be required for their account. > Likely also projects will be able to require that their projects themselves get > modified only by an account with 2FA enabled as well.
What would the second factor be in this case? (besides the usual password-based or OpenID-based auth factor?) Regards Antoine. _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
