[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Salsa update: no more "-guest" and more

On 4/26/20 8:46 PM, Johannes Schauer wrote:
> Quoting Bernd Zeimetz (2020-04-26 20:34:12)
>> On 4/26/20 12:41 AM, Thomas Goirand wrote:
>>> On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
>>>> Actually I think 2FA should be enforced for everybody.
>>>> Even debian.org related passwords might get lost.
>>> I use strong password, stored with keepassxc, with the password db
>>> encrypted using the HMAC of my yubikey. In what way is this not safe enough
>>> already? 2FA will add nothing in my case, just more annoyance.
>> And then somebody sends you a phishing mail and you enter your password into
>> salsa.debiana.org...
> This cannot happen with a password manager that keeps track of the domain for
> which it stores the passwords.

So you have a browser integrated password manager and consider it secure?

>> And if it doesn't happen to you, it happens to somebody else. Or you or
>> somebody else has to use a more public or work computer for whatever reason.
> this means, that if 2FA would be made mandatory, people like me without a
> smartphone would not be able to use other computers than their private ones
> anymore.

As discussed before, you don't need a smartphone.

 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Reply to: