Re: Salsa update: no more "-guest" and more

To: debian-devel@lists.debian.org
Subject: Re: Salsa update: no more "-guest" and more
From: Bernd Zeimetz <bernd@bzed.de>
Date: Sun, 26 Apr 2020 21:04:12 +0200
Message-id: <[🔎] 648c43a7-39b0-83a4-114c-36bc0b691ce4@bzed.de>
In-reply-to: <[🔎] 158792678962.974141.1421171633916662215@localhost>
References: <20200418213339.GB32260@waldi.eu.org> <[🔎] 8555e1c9-2ae9-fc7e-8278-4e4e1bf1b0f1@bzed.de> <[🔎] 20200425164941.4nrgwu636mk564y5@shell.thinkmo.de> <[🔎] B4960B93-DB48-469A-A2A2-6E2D7383D219@bzed.de> <[🔎] 1aa1982f-e333-df39-121c-b7d0ceecaf3c@debian.org> <[🔎] 45946438-59a6-f2f3-98b0-3610c4982441@bzed.de> <[🔎] b8e504e4-5281-5833-750f-f613b26136b4@debian.org> <[🔎] de5ebb9f-a729-f0ae-653a-2053ef7fd8cd@bzed.de> <[🔎] 158792678962.974141.1421171633916662215@localhost>


On 4/26/20 8:46 PM, Johannes Schauer wrote:
> Quoting Bernd Zeimetz (2020-04-26 20:34:12)
>> On 4/26/20 12:41 AM, Thomas Goirand wrote:
>>> On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
>>>> Actually I think 2FA should be enforced for everybody.
>>>> Even debian.org related passwords might get lost.
>>> I use strong password, stored with keepassxc, with the password db
>>> encrypted using the HMAC of my yubikey. In what way is this not safe enough
>>> already? 2FA will add nothing in my case, just more annoyance.
>> And then somebody sends you a phishing mail and you enter your password into
>> salsa.debiana.org...
> 
> This cannot happen with a password manager that keeps track of the domain for
> which it stores the passwords.

So you have a browser integrated password manager and consider it secure?
Interesting...


>> And if it doesn't happen to you, it happens to somebody else. Or you or
>> somebody else has to use a more public or work computer for whatever reason.
> 
> this means, that if 2FA would be made mandatory, people like me without a
> smartphone would not be able to use other computers than their private ones
> anymore.

As discussed before, you don't need a smartphone.


-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Reply to:

References:
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Bastian Blank <waldi@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Thomas Goirand <zigo@debian.org>
- Re: Salsa update: no more "-guest" and more
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: Salsa update: no more "-guest" and more
  - From: Johannes Schauer <josch@debian.org>

Prev by Date: Re: Salsa update: no more "-guest" and more
Next by Date: Re: Salsa update: no more "-guest" and more
Previous by thread: Re: Salsa update: no more "-guest" and more
Next by thread: Re: Salsa update: no more "-guest" and more
Index(es):
- Date
- Thread