← Back to team overview

kicad-developers team mailing list archive

Re: GitLab migration

 

2FA can also use a normal land-line audio only telephone. The daemon at the other end just reads a code and you write it down. As secure (or more so) than a text message.

On 11/25/19 12:11 PM, Mark Roszko wrote:
> I don't have, or want, a cell phone (or any Google account).
You do not need a cell phone. You can use a computer based TOTP supporting authentication app such as Authy or FOSS KeePassXC (https://keepassxc.org/screenshots/)

> A simple password is not perfect, but at least it is easy to use and works from any computer install.

The problem with passwords is there's no way to force users to have unique passwords per website they made accounts for.

> Kicad gitlab repo is for a FOSS development.

And time and time again, FOSS software repos get hacked because somebody didn't have 2FA enabled and malicious code is injected stealthily. It is a real security issue in the year 2019. Everything from desktop apps to 4 lines of code libraries in programming package libraries are high value targets and are at constant risk.


On Mon, Nov 25, 2019 at 12:11 PM jp charras <jp.charras@xxxxxxxxxx <mailto:jp.charras@xxxxxxxxxx>> wrote:

    Le 25/11/2019 à 17:53, Kevin Cozens a écrit :
    > On 2019-11-25 11:03 a.m., Seth Hillbrand wrote:
    >> 2FA would be using something like Google Authenticator on your
    phone,
    >> a YubiKey or SMS message code to verify your login on a computer in
    >> addition to the password.
    >
    > It may not affect me as I'm a user of KiCad and occasional
    reporter of
    > bugs. What gitlab activities would require 2FA? Reading the link
    > supplied about 2FA says it would send a message to a phone. I don't
    > have, or want, a cell phone. How would requiring 2FA affect others
    > without a cell phone who want to use the gitlab repo site?
    >

    I am also like Kevin:
    I don't have, or want, a cell phone (or any Google account).

    A simple password is not perfect, but at least it is easy to use and
    works from any computer install.
    Kicad gitlab repo is for a FOSS development.
    It is not for Fort Knox access management.

-- Jean-Pierre CHARRAS

    _______________________________________________
    Mailing list: https://launchpad.net/~kicad-developers
    Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
    <mailto:kicad-developers@xxxxxxxxxxxxxxxxxxx>
    Unsubscribe : https://launchpad.net/~kicad-developers
    More help   : https://help.launchpad.net/ListHelp



--
Mark

_______________________________________________
Mailing list: https://launchpad.net/~kicad-developers
Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~kicad-developers
More help   : https://help.launchpad.net/ListHelp

References