kicad-developers team mailing list archive

[Bob Gustafson <bobgus@xxxxxxx>]

2FA can also use a normal land-line audio only telephone. The daemon at 
the other end just reads a code and you write it down. As secure (or 
more so) than a text message.

On 11/25/19 12:11 PM, Mark Roszko wrote:
> > I don't have, or want, a cell phone (or any Google account).
> You do not need a cell phone. You can use a computer based TOTP 
> supporting authentication app such as Authy or FOSS KeePassXC 
> (https://keepassxc.org/screenshots/)
>
> > A simple password is not perfect, but at least it is easy to use and 
> works from any computer install.
>
> The problem with passwords is there's no way to force users to have 
> unique passwords per website they made accounts for.
>
> > Kicad gitlab repo is for a FOSS development.
>
> And time and time again, FOSS software repos get hacked because 
> somebody didn't have 2FA enabled and malicious code is injected 
> stealthily.
> It is a real security issue in the year 2019. Everything from desktop 
> apps to 4 lines of code libraries in programming package libraries are 
> high value targets and are at constant risk.
>
>
> On Mon, Nov 25, 2019 at 12:11 PM jp charras <jp.charras@xxxxxxxxxx 
> <mailto:jp.charras@xxxxxxxxxx>> wrote:
>
>     Le 25/11/2019 à 17:53, Kevin Cozens a écrit :
>     > On 2019-11-25 11:03 a.m., Seth Hillbrand wrote:
>     >> 2FA would be using something like Google Authenticator on your
>     phone,
>     >> a YubiKey or SMS message code to verify your login on a computer in
>     >> addition to the password.
>     >
>     > It may not affect me as I'm a user of KiCad and occasional
>     reporter of
>     > bugs. What gitlab activities would require 2FA? Reading the link
>     > supplied about 2FA says it would send a message to a phone. I don't
>     > have, or want, a cell phone. How would requiring 2FA affect others
>     > without a cell phone who want to use the gitlab repo site?
>     >
>
>     I am also like Kevin:
>     I don't have, or want, a cell phone (or any Google account).
>
>     A simple password is not perfect, but at least it is easy to use and
>     works from any computer install.
>     Kicad gitlab repo is for a FOSS development.
>     It is not for Fort Knox access management.
>
>     -- 
>     Jean-Pierre CHARRAS
>
>     _______________________________________________
>     Mailing list: https://launchpad.net/~kicad-developers
>     Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
>     <mailto:kicad-developers@xxxxxxxxxxxxxxxxxxx>
>     Unsubscribe : https://launchpad.net/~kicad-developers
>     More help   : https://help.launchpad.net/ListHelp
>
>
>
> --
> Mark
>
> _______________________________________________
> Mailing list: https://launchpad.net/~kicad-developers
> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~kicad-developers
> More help   : https://help.launchpad.net/ListHelp