Change of policy on GitLab account creation/login?

Raymond Toy toy.raymond at gmail.com
Mon Oct 8 01:33:42 UTC 2018


On Sun, Oct 7, 2018 at 11:14 AM Erik Huelsmann <ehuels at gmail.com> wrote:

>
> Given that situation and GitLab.com's experience, I wasn't going to submit
> myself to a maintenance burden like that. However, now that we have 2FA and
> we can require accounts to be blocked until they set up 2FA, I'm thinking
> that's an additional barrier on entry, which I hope is enough to keep
> spammers out.
>

That seems quite reasonable.

>
>
>> Are you going to require 2FA for existing accounts as well?  And what 2FA
>> methods will you support?  SMS?  Google Authenticator app?  Security (FIDO)
>> keys?  (I'm finally going to set up 2FA for my personal accounts using
>> security keys, so this comes at a good time. I've had to add 2FA to my
>> github account already, using the authenticator app.)
>>
>
> I've actually been using my FIDO key successfully to log into the admin
> account for the last half year or so. While I can't force people to shell
> out for a Yubi key v4 or v5, I'd love for people to get a U2F key at the
> bare minimum. It used to be supported only by Chrome, but FireFox has U2F
> support now too. (And my experience over the past 6 months has been with
> FireFox exclusively.)
> U2F keys exist at reasonable prices of less than 10$.
>

That's quite reasonable for the security.  It is a bit of a hassle because
when I'm at home, since I won't be carrying a key with me, but I guess I
should just get more keys to plug into my computers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/clo-devel/attachments/20181007/ed14f8d5/attachment.html>


More information about the clo-devel mailing list