On 11/12/2017 at 13:55, Victor Stinner wrote:
> 2017-12-11 13:51 GMT+01:00 Antoine Pitrou <anto...@python.org>:
>> Before recommending anything you/we should first give guidelines and
>> best practices for backup etc.
>>
>> If you lose your 2FA device and don't have some kind of fallback your
>> accounts may be screwed. As usual, security can conflict with usability
>> and the long-term availability of data.
>
> Hum, in my first email I wrote:
>
> """
> * Enable 2-factor auth on GitHub and Bitbucket using Yubikey
> * Print two-step recovery codes on paper and keep it safe somewhere
> """
>
> Using multiple tokens reduces the risk of losing access to your account.

I don't know what security experts think, but the idea of having to
print and keep around recovery codes (for each and every website I
enable 2FA on!) sounds completely braindead to me. Do you expect to be
able to find back a random piece of paper in 5 years? I certainly don't.

Regards

Antoine.
_______________________________________________
python-committers mailing list
python-committers@python.org
https://mail.python.org/mailman/listinfo/python-committers
Code of Conduct: https://www.python.org/psf/codeofconduct/