[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Salsa update: no more "-guest" and more

 ❦ 26 avril 2020 20:29 +00, Jeremy Stanley:

> You're already seeing quite a few folks responding that being
> required to use an additional application or device each time they
> authenticate would be an inconvenience to them. This is a signal. I
> personally wouldn't enjoy being prompted to activate my TOTP client
> software every time I invoke `git push` so I can understand the
> resistance to your proposal.

This is not how this is implemented. I am using GitHub and GitLab with
2FA enabled and I am rarely asked to enter any token. Once you get
authenticated on a device, it remains for a long time. The model threat
is to prevent someone stealing your password through
phishing/spying/guessing to login into your account. SSH keys being
asymmetrical, they are not covered by this.
10.0 times 0.1 is hardly ever 1.0.
            - The Elements of Programming Style (Kernighan & Plauger)

Attachment: signature.asc
Description: PGP signature

Reply to: