Quoting Bernd Zeimetz (2020-04-26 20:34:12) > On 4/26/20 12:41 AM, Thomas Goirand wrote: > > On 4/25/20 11:14 PM, Bernd Zeimetz wrote: > >> Actually I think 2FA should be enforced for everybody. > >> Even debian.org related passwords might get lost. > > I use strong password, stored with keepassxc, with the password db > > encrypted using the HMAC of my yubikey. In what way is this not safe enough > > already? 2FA will add nothing in my case, just more annoyance. > And then somebody sends you a phishing mail and you enter your password into > salsa.debiana.org... This cannot happen with a password manager that keeps track of the domain for which it stores the passwords. > And if it doesn't happen to you, it happens to somebody else. Or you or > somebody else has to use a more public or work computer for whatever reason. this means, that if 2FA would be made mandatory, people like me without a smartphone would not be able to use other computers than their private ones anymore.
Attachment:
signature.asc
Description: signature