-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should/will 2FA (2 factor authentication) be required for making GitHub contributions #19
Comments
Where possible, 2FA should be mandatory for all systems GC uses, along with enforced (by system) code reviews. |
I'd like to also see promotion of hardware 2FA whenever possible such as https://www.yubico.com/ or similar tools. |
I would personnally be in favour. |
Looping @ptd-tbs in for this. |
I am also in favour of implementing multi-factor authentication. We made it mandatory for privileged access to cloud-based services in the Direction on the Secure Use of Commercial Cloud, Section 6.2.3. |
I think requiring 2FA for making contribution is too much of an overreach but it should be mandatory for people maintaining GC repositories |
I think that 2FA was indeed intended for GC employees, not external
collaborators.
As an overall guidance, if we are to use SaaS that provide 2FA, we should
be enabling it.
Thanks!
Guillaume
Le mar. 13 nov. 2018 09 h 03, Laurent Goderre <[email protected]> a
écrit :
I think requiring 2FA for making contribution is too much of an overreach
but it should be mandatory for people maintaining GC repositories
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#19 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABnJ5Q3kvQ786kwtnKGsylGiXVucI905ks5uutEpgaJpZM4W_G6e>
.
--
Guillaume
|
In general, I think we should be developing a checklist for securing GitHub.This includes enabling 2FA in general for those with accounts. If this is a key component of the CI/CD pipeline, it should be assessed and approved once, then reused by other projects. Checklist is on our to do list. |
https://help.github.com/articles/about-two-factor-authentication/
The text was updated successfully, but these errors were encountered: