Two-factor security

[Tom Breloff]

I'd like to make a request of the community... can everyone please turn on two-factor security on Github?  There are a lot of people with commit access to both core julia and critical organizations/packages that don't have it on, and it puts many projects at risk.  It really doesn't take too much effort, and it goes a long way to preventing a potential mess.  Thanks!

[Stefan Karpinski]

This is a good idea. Of course the last time I tried this, there were some significant annoyances. Do those seem to have been resolved?

[Tom Breloff]

What were the significant annoyances? (besides the obvious that it's an extra step to log in)

[Kristoffer Carlsson]

Activated. Thanks for the tip.

[Stefan Karpinski]

Not allowing me to authenticate in certain fairly unfortunate situations. It was some time ago, I don't recall the details.

[Steve Kelly]

For a while Pkg wouldn't work with TFA, but I believe that is resolved on 0.4.

[Lachlan Gunn]

I've put in a feature request with Github about adding an API call that would let one use 2FA with command-line git using a credential helper, though the odds of it coming to anything are probably slim.

[Rob J. Goedman]

One annoyance, which made me turn off two-factor security for github, is that Pkg.update() will fail for private packages.

Regards,

Rob

[Andreas Lobinger]

Hello colleague,

On Thursday, November 12, 2015 at 3:29:27 PM UTC+1, Tom Breloff wrote:

There are a lot of people with commit access to both core julia and critical organizations/packages that don't have it on

How can you know that?

Wishing a happy day,
       Andreas

[catc...@bromberger.com]

If you're an "owner" (or whatever the new term is in github-speak) of a repository, you can see a list of members and their 2FA status under the "People" tab. Those members w/o 2FA have a red warning triangle next to their names.

Seth.