Something I'd like to add to the discussion:

2FA on GitHub only applies to the website, not the SSH access:

https://docs.github.com/en/github/authenticating-to-github/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication#authenticating-on-the-command-line-using-ssh

So by enabling 2FA you only protect settings and actions which can
only be done via the website. It's still possible for someone getting
access to your SSH key to push PRs in your name, for example.

Now 2FA in general is a good idea, but as someone who has lost access
to accounts because of my mobile's TOTP app failing on me, please
make sure that you do configure the available recovery methods
or take snapshots of the TOTP registration QR codes and store them
in a password manager (if that works with the website).

Failing to do so can make 2FA a nightmare, since websites will
make it really hard to regain access to the account when enabled.

BTW: A lot of this is smoke and mirrors or snake oil as they say...
the most vulnerable account is your email account and this
is still good old user id and password in many cases. Additionally,
emails tend to travel via several hops you don't have control
over, e.g. mailchimp et al., your provider. If you're lucky
all those hops use TLS for in-transit messages, but I have yet
to find a website which sends your access reset emails using
GPG or S/MIME for end-to-end encryption.
You know: weakest link in a chain, etc.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Experts (#1, Jun 16 2021)
                     https://www.malemburg.com/
