-
Notifications
You must be signed in to change notification settings - Fork 38
require 2FA to be on Gratipay GitHub org #775
Comments
Do you already have the percentage of 2FA activation for the Gratipay team? Requiring it for everybody would imply that everybody has long-term working phone number or the Google I think that forcing it for users with access to private repositories and deploy permission is a good thing, and then strongly suggest (≠ force) to everybody in the organisation to follow the movement. Github has a great article about how to use all the services after enabling the 2FA (spoil: you may need to generate personal tokens to clone via https). |
I don't have a smart phone, and I'm curious to see how long I can hold out with SMS 2FA being phased out. All three of us on the "Deployers" team (@clone1018 @rohitpaulk @whit537) have 2FA enabled. We are at 33% overall (8 / 24). I guess we're saying that's okay for now? |
Yep, I think. |
What about Heroku? And DNSimple? And MaxCDN? And Digital Ocean? Seems like we should adopt a 2FA policy for any system involved in production. |
(and HackerOne) |
Kenneth got hacked, illustrating the importance of 2FA. We should require 2FA on GitHub for anyone with permission to deploy, and maybe for everyone on the GitHub org.
The text was updated successfully, but these errors were encountered: