[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Salsa update: no more "-guest" and more

On 4/26/20 12:41 AM, Thomas Goirand wrote:
> On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
>> Actually I think 2FA should be enforced for everybody.
>> Even debian.org related passwords might get lost.
> I use strong password, stored with keepassxc, with the password db
> encrypted using the HMAC of my yubikey. In what way is this not safe
> enough already? 2FA will add nothing in my case, just more annoyance.

And then somebody sends you a phishing mail and you enter your password
into salsa.debiana.org...

And if it doesn't happen to you, it happens to somebody else. Or you or
somebody else has to use a more public or work computer for whatever reason.

There are more ways to loose a password than you seem to be able to
think of.


 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Reply to: