Should/will 2FA (2 factor authentication) be required for making GitHub contributions #19
Comments
Where possible, 2FA should be mandatory for all systems GC uses, along with enforced (by system) code reviews.
I'd like to also see promotion of hardware 2FA whenever possible such as https://www.yubico.com/ or similar tools.
I would personally be in favour.
Looping @ptd-tbs in for this.
I am also in favour of implementing multi-factor authentication. We made it mandatory for privileged access to cloud-based services in the Direction on the Secure Use of Commercial Cloud, Section 6.2.3.
I think requiring 2FA for making contributions is too much of an overreach but it should be mandatory for people maintaining GC repositories.
I think that 2FA was indeed intended for GC employees, not external collaborators.
As an overall guidance, if we are to use SaaS that provide 2FA, we should be enabling it.
Thanks!
Guillaume
On Tue, Nov 13, 2018 at 09:03, Laurent Goderre <notifications@github.com> wrote:
> I think requiring 2FA for making contributions is too much of an overreach but it should be mandatory for people maintaining GC repositories
In general, I think we should be developing a checklist for securing GitHub. This includes enabling 2FA in general for those with accounts. If this is a key component of the CI/CD pipeline, it should be assessed and approved once, then reused by other projects. Checklist is on our to-do list.
https://help.github.com/articles/about-two-factor-authentication/