Change of policy on GitLab account creation/login?
toy.raymond at gmail.com
Mon Oct 8 01:33:42 UTC 2018
On Sun, Oct 7, 2018 at 11:14 AM Erik Huelsmann <ehuels at gmail.com> wrote:
> Given that situation and GitLab.com's experience, I wasn't going to submit
> myself to a maintenance burden like that. However, now that we have 2FA and
> we can require accounts to be blocked until they set up 2FA, I'm thinking
> that's an additional barrier on entry, which I hope is enough to keep
> spammers out.
That seems quite reasonable.
>> Are you going to require 2FA for existing accounts as well? And what 2FA
>> methods will you support? SMS? Google Authenticator app? Security (FIDO)
>> keys? (I'm finally going to set up 2FA for my personal accounts using
>> security keys, so this comes at a good time. I've had to add 2FA to my
>> github account already, using the authenticator app.)
> I've actually been using my FIDO key successfully to log into the admin
> account for the last half year or so. While I can't force people to shell
> out for a Yubi key v4 or v5, I'd love for people to get a U2F key at the
> bare minimum. It used to be supported only by Chrome, but FireFox has U2F
> support now too. (And my experience over the past 6 months has been with
> FireFox exclusively.)
> U2F keys exist at reasonable prices of less than 10$.
That's quite reasonable for the security. It is a bit of a hassle because
when I'm at home, since I won't be carrying a key with me, but I guess I
should just get more keys to plug into my computers
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the clo-devel