Enable 2FA for all Mojaloop GitHub users

[elnyry-sam-k]

Request Summary:

I'd like to discuss "enabling two-factor authentication for all Mojaloop GitHub users"

Request Details:

• Deadline: Not urgent, but would like to discuss during the 16th April 2023 meeting
• Impact (Teams): Improves security, 2FA is a widely accepted security mechanism. But this would also disable access to any users in teams part of Mojaloop (Read access will not be affected to public Mojaloop repositories)
• Impact (Components): No impact to components

**Artifacts**: - [ ] None **Dependencies**: - [ ] No dependencies ### **Accountability**: - **Owner:** Sam Kummary (@elnyry-sam-k ) - **Raised By:** Sam Kummary (@elnyry-sam-k ) ## **Decision(s)**: - **Approved By:** ### Details - [ ] Actual decision made as a result of discussion ## **Follow-up**: - [ ] Actions to implement the decisions

[mdebarros]

Recommendation for CI/Automated accounts:

MFA is impractical for CI/Automated accounts, we should instead ensure that best-practices adhere to the following:

2. Should NOT have console/UI access
3. Rather ensure minimum access/policies for each of those accounts, and consider creating different accounts that are more focused with limited access instead of a “general” all-access account.

[elnyry-sam-k]

Miguel's above comment was related to AWS accounts, GitHub accounts are fine and are addressed. This can be closed.

Implemented on August 16th, 2023.