On 11 December 2017 at 20:15, Julien Palard via python-committers <python-committers@python.org> wrote:
> Antoine Pitrou <anto...@python.org>:
>> A random piece of paper in my wallet may not have an extremely long
>> lifetime (paper is fragile). And one piece of paper might be ok, but
>> what if I need one for every 2FA-enabled Web site?
>
> It's a legitimate question, so I'm taking mine out right now to check.
Here's a question (disclaimer: I'm *not* saying I disagree with 2FA, or strong security, or anything like that; I'm genuinely curious about the usability trade-offs, based on my experience).

I have a piece of paper with some Google account recovery keys on it. I think it's in my wallet (it was last time I looked, but that was literally years ago). So, what if I've lost it? As I understand it, if I lose my access for any reason (a phone breaking irrecoverably is the example that happened to me a few months ago), I need those keys to get access, but I no longer know whether I have them. And if I don't, I'm screwed. So surely there's an additional requirement that I keep track of my recovery keys, so that I *know* if they get lost?

Password/identity management is a *huge* burden in these days of every website under the sun needing a unique login. Even just classifying your accounts as "critical", "important", "useful", "minor" and "throwaway" takes significant effort. Password managers are basically the only scalable solution I know of, and they have their own problems (online ones can be compromised themselves, personal ones don't always work on all devices, and sharing the password database is a non-trivial issue). I already need to know one thing (the password DB passphrase) and have another (the DB itself). 2FA essentially adds a third factor, not a second (yes, I know that's not precisely correct).

Anyway, I've said enough; you get my point. People should be allowed to make their own judgments on risk vs usability. IMO, we should focus on:

1. If we grant core dev status, we should factor in whether we think the prospective candidate understands the responsibility in terms of security (I'd be surprised if anyone thought we didn't already do that).

2. Because we're on a shared infrastructure (GitHub), we can't mandate how developer accounts are configured without considering how that affects a user's *other* activities [1].
Paul

[1] I can expand on this, but it's somewhat off-topic and also not something I'd want to discuss on a public list, so ask me privately if you're interested in my specific case.

_______________________________________________
python-committers mailing list
python-committers@python.org
https://mail.python.org/mailman/listinfo/python-committers
Code of Conduct: https://www.python.org/psf/codeofconduct/