Closed jmertic closed 4 years ago
+1 from me.
I'd like to know more about how this would be implemented before voting... Would it involve use of just a second email address to confirm identity, personal cell, DNA sample?
Check out this...
https://help.github.com/en/articles/securing-your-account-with-two-factor-authentication-2fa
Thank you,
John Mertic Director of Program Management - Linux Foundation ASWF, ODPi, and Open Mainframe Project jmertic@linuxfoundation.org +1 234-738-4571 Schedule time with me at https://calendly.com/jmertic
On Thu, May 2, 2019 at 7:13 AM armstro notifications@github.com wrote:
I'd like to know more about how this would be implemented before voting... Would it involve use of just a second email address to confirm identity, personal cell, DNA sample?
-1 for me. 2FA can be nice, if the auth types are nice. GitHub appears to only have a few, and they all have issues.
Edit: Actually, there are other TOTP-compatible apps that are open source. I tried one out (Aegis) which worked, but here are a few: https://search.f-droid.org/?q=totp&lang=en
@1000TurquoisePogs So is the tooling the main issue for you? I think you pointed out there are a ton of open/proprietary solutions (as well as hardware and software), which provides flexibility.
I think the big thing is, we want to ensure everyone's accounts are secure, especially if you have committer access. 2FA is extremely common these days - most LF projects have this requirement and it's usually quite welcomed and encouraged by the community.
I'll also note it's part of the CII badge at the Gold level:
https://bestpractices.coreinfrastructure.org/en/projects/2226?criteria_level=2#changecontrol
Need to write up a recommendation to start ... for example - Sean to compile the initial list
@hogstrom When can we flip this on?
Complete
LF IT reviewed that this setting wasn't on and strongly recommended that the project do this for security reasons.
Thinking if the ZLC is good with this, we could have a 30-day grace period and then flip it on. Thoughts?