Require org owners to use exclusively secure two-factor authentication #57

Open
wants to merge 1 commit into
base: main

infinisil
Member

Turns out @tomberek and @Lassulus don't right now, I think we should.

@infinisil infinisil requested a review from a team as a code owner January 16, 2025 20:54
Member

@winterqt winterqt left a comment

1000000%.

(Isn't the only other option SMS?)


@Gabriella439 Gabriella439 left a comment

I don't have a strong opinion on this, but it seems like a good idea

Member

@jtojnar jtojnar left a comment

Sounds reasonable.

@jtojnar
Member

jtojnar commented Jan 16, 2025

Ideally, we would have GitHub enforce it but, unfortunately, it looks like it is not possible to force require it just for owners.

It might be a good idea to eventually require it for everyone but not sure how many people it would affect as https://github.com/orgs/NixOS/people?query=two-factor%3Ainsecure shows the same list for me as https://github.com/orgs/NixOS/people?query=two-factor%3Asecure

@infinisil
Member Author

@jtojnar I don't think that needs to be discussed here, but it shows two different lists for me: 66 pages for secure and 57 pages for insecure, so secure 2FA seems to be at least a close majority already.

@Lassulus
Member

Not sure what I need to do so that GitHub deems my 2FA as secure :D

@infinisil
Member Author

@Lassulus As Winter said, I think SMS is the only method not considered secure. Can you confirm that you have that enabled (direct link to account security settings)? If so, you'll have to turn that off.

5 participants