[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Salsa update: no more "-guest" and more

Quoting Bernd Zeimetz (2020-04-26 20:34:12)
> On 4/26/20 12:41 AM, Thomas Goirand wrote:
> > On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
> >> Actually I think 2FA should be enforced for everybody.
> >> Even debian.org related passwords might get lost.
> > I use strong password, stored with keepassxc, with the password db
> > encrypted using the HMAC of my yubikey. In what way is this not safe enough
> > already? 2FA will add nothing in my case, just more annoyance.
> And then somebody sends you a phishing mail and you enter your password into
> salsa.debiana.org...

This cannot happen with a password manager that keeps track of the domain for
which it stores the passwords.

> And if it doesn't happen to you, it happens to somebody else. Or you or
> somebody else has to use a more public or work computer for whatever reason.

this means, that if 2FA would be made mandatory, people like me without a
smartphone would not be able to use other computers than their private ones

Attachment: signature.asc
Description: signature

Reply to: