On 16/06/2021 10.50, Antoine Pitrou wrote:
> 
> On 16/06/2021 at 10:33, Christian Heimes wrote:
>> On 16/06/2021 07.14, Julien Palard via python-committers wrote:
>>> I do use a Yubikey too.
>>>
>>> On 6/14/21 at 11:27 PM, Tim Peters wrote:
>>>> If I buy one and plug it in, and that's the end of it, fine by me
>>>
>>> That's almost as simple as you want:
>>>
>>> - In GitHub settings 2FA tab you'll have to hit a "Register a new
>>> security key" button, it makes your key "blink" (blinking means: please
>>> touch the key to allow this action).
>>>
>>> - Then every time you log in your key blinks and you have to touch it to
>>> allow this action.
>>>
>>> And that's it. It uses an open standard called U2F [1] which works on a
>>> variety of setups (it works with Firefox on Debian for example). It also
>>> works on pypi.org \o/.
>>>
>>> If the PSF is willing to help financially, I'd recommend everyone to buy
>>> (and register) two keys: a primary key and a backup key in case you
>>> lose or break the first one.
>>
>> Most sites with MFA support have backup/recovery codes, too. I recommend
>> that you generate backup codes, print them out and store the printout
>> with your important documents. It's low tech and safe.
> 
> It's as reliable as printing passwords on a piece of paper, isn't it?

No, recovery codes on paper are much more secure than printing passwords
on paper.

Passwords give an attacker immediate access to your account.

Recovery codes only contain one-time use second factors. They are
useless without the first factor (password). You keep recovery codes at
home, too. An attacker would need to get access to your first factor and
then break into your apartment to locate and steal your second factor.

Christian
_______________________________________________
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/JK67MJV44WV7V5UAJ2H4EL62CLG75OFY/
Code of Conduct: https://www.python.org/psf/codeofconduct/
