In the SC meeting today we discussed requiring two-factor authentication (aka 2FA/MFA) and came away strongly considering it (but no definitive plans yet). But we did agree that we should send a quick email encouraging everyone to turn on 2FA for their GitHub Accounts regardless of what we decide to do.
GitHub's instructions can be found at https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication . You can use various apps on your desktop or phone as well as a physical device to manage 2FA. And to be clear, you only need access to your 2FA solution when you log in; it's not a day-to-day action at all (I personally have not used my 2FA since the last time I logged into a new device for the first time or when my GitHub account was attacked and the attackers exhausted my password attempts for the day). For those of you who would prefer to use a hardware device and would like help getting one, we can make a request to the PSF to sponsor devices for those who want them.
_______________________________________________ python-committers mailing list -- python-committers@python.org To unsubscribe send an email to python-committers-le...@python.org https://mail.python.org/mailman3/lists/python-committers.python.org/ Message archived at https://mail.python.org/archives/list/python-committers@python.org/message/2UC5H7WWJZDA2K7XM5CLAZIX3KWJ2ASK/ Code of Conduct: https://www.python.org/psf/codeofconduct/
