[python-committers] Re: Please make sure you're following good security practices with your GitHub account

2021-06-14 Thread Jason R. Coombs
I use a mobile device to store TOTP tokens (one time use passcodes), but as I also wish to use my workstation device to generate these tokens, I’ve historically used a tool called oathtool to generate these one time tokens (from a stored secret), but due to

[python-committers] Re: Please make sure you're following good security practices with your GitHub account

2021-06-14 Thread Terry Reedy
On 6/14/2021 3:38 PM, Brett Cannon wrote: I have discovered someone tried to break into my GitHub account (you can check yourself by going to https://github.com/settings/security-log and looking for "failed to login" attempts for potentially odd geogra

[python-committers] Re: Please make sure you're following good security practices with your GitHub account

2021-06-14 Thread Donald Stufft
> On Jun 14, 2021, at 5:27 PM, Tim Peters wrote: > > [Donald Stufft] >> You can get a Yubikey for like $15? or so and use that for best in class 2fa. >> >> You can also get an app for your desktop PC that can do TOTP codes >> (1Password has it built in, I’ve never used any of these applications >

[python-committers] Re: Please make sure you're following good security practices with your GitHub account

2021-06-14 Thread Terry Reedy
On 6/14/2021 5:06 PM, Donald Stufft wrote: On Amazon, Yubikey is $45-55 for 3 kinds of interfaces. One must buy the right one. And then configure with each remote account. Pictures show usb-c keys plugged into laptops, but desktops and monitors with usb have standard usb-2/3 ports. Fido NFC

[python-committers] Re: Please make sure you're following good security practices with your GitHub account

2021-06-14 Thread Tim Peters
[Donald Stufft] > You can get a Yubikey for like $15? or so and use that for best in class 2fa. > > You can also get an app for your desktop PC that can do TOTP codes > (1Password has it built in, I’ve never used any of these applications > though). Thanks! Alas, it's all utter gibberish to me. I'm

[python-committers] Re: Please make sure you're following good security practices with your GitHub account

2021-06-14 Thread Donald Stufft
> On Jun 14, 2021, at 5:02 PM, Tim Peters wrote: > > [Brett] >> ... >> Please make sure you have a unique password for your GitHub account >> and that you have 2FA/MFA turned on (I honestly think we should start >> requiring this ... > > I use 2FA on sites that cater to my reality ;-) That is,

[python-committers] Re: Please make sure you're following good security practices with your GitHub account

2021-06-14 Thread Tim Peters
[Brett] > ... > Please make sure you have a unique password for your GitHub account > and that you have 2FA/MFA turned on (I honestly think we should start > requiring this ... I use 2FA on sites that cater to my reality ;-) That is, I don't have a smartphone, or a cell phone of any kind, or any d

[python-committers] Re: Please make sure you're following good security practices with your GitHub account

2021-06-14 Thread Victor Stinner
See also https://discuss.python.org/t/remove-coordinator-role-of-inactive-coordinators-on-bugs-python-org/866 for the security of bugs.python.org. So far, no action was taken. Inactive coordinators kept their permission. For GitHub, I'm using a Yubikey and FreeOTP for the 2FA. Victor On Mon, Ju

[python-committers] Please make sure you're following good security practices with your GitHub account

2021-06-14 Thread Brett Cannon
I have discovered someone tried to break into my GitHub account (you can check yourself by going to https://github.com/settings/security-log and looking for "failed to login" attempts for potentially odd geographical locations for yourself). CPython probably would have been the biggest target for t