Re: Salsa update: no more "-guest" and more

To: debian-devel@lists.debian.org
Subject: Re: Salsa update: no more "-guest" and more
From: Bernd Zeimetz <bernd@bzed.de>
Date: Sun, 26 Apr 2020 20:34:12 +0200
Message-id: <[🔎] de5ebb9f-a729-f0ae-653a-2053ef7fd8cd@bzed.de>
In-reply-to: <[🔎] b8e504e4-5281-5833-750f-f613b26136b4@debian.org>
References: <20200418213339.GB32260@waldi.eu.org> <[🔎] 8555e1c9-2ae9-fc7e-8278-4e4e1bf1b0f1@bzed.de> <[🔎] 20200425164941.4nrgwu636mk564y5@shell.thinkmo.de> <[🔎] B4960B93-DB48-469A-A2A2-6E2D7383D219@bzed.de> <[🔎] 1aa1982f-e333-df39-121c-b7d0ceecaf3c@debian.org> <[🔎] 45946438-59a6-f2f3-98b0-3610c4982441@bzed.de> <[🔎] b8e504e4-5281-5833-750f-f613b26136b4@debian.org>

On 4/26/20 12:41 AM, Thomas Goirand wrote:
> On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
>> Actually I think 2FA should be enforced for everybody.
>> Even debian.org related passwords might get lost.
> 
> I use strong password, stored with keepassxc, with the password db
> encrypted using the HMAC of my yubikey. In what way is this not safe
> enough already? 2FA will add nothing in my case, just more annoyance.

And then somebody sends you a phishing mail and you enter your password
into salsa.debiana.org...

And if it doesn't happen to you, it happens to somebody else. Or you or
somebody else has to use a more public or work computer for whatever reason.

There are more ways to loose a password than you seem to be able to
think of.

Bernd

-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Reply to:

Follow-Ups:
- Re: Salsa update: no more "-guest" and more
  - From: Johannes Schauer <josch@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Thomas Goirand <zigo@debian.org>

References:
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Bastian Blank <waldi@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Thomas Goirand <zigo@debian.org>

Prev by Date: Re: Salsa update: no more "-guest" and more
Next by Date: Re: Salsa update: no more "-guest" and more
Previous by thread: Re: Salsa update: no more "-guest" and more
Next by thread: Re: Salsa update: no more "-guest" and more
Index(es):
- Date
- Thread