Change of policy on GitLab account creation/login?
david.cooper at genworks.com
Tue Oct 23 21:37:12 UTC 2018
I just saw the announcement on the site. Thanks for following up on this.
o Do we have to buy some kind of hardware keys now?
o Will the 2FA affect git push & pull as well? Or just logging in to the
On Sun, Oct 7, 2018 at 21:34 Raymond Toy <toy.raymond at gmail.com> wrote:
> On Sun, Oct 7, 2018 at 11:14 AM Erik Huelsmann <ehuels at gmail.com> wrote:
>> Given that situation and GitLab.com's experience, I wasn't going to
>> submit myself to a maintenance burden like that. However, now that we have
>> 2FA and we can require accounts to be blocked until they set up 2FA, I'm
>> thinking that's an additional barrier on entry, which I hope is enough to
>> keep spammers out.
> That seems quite reasonable.
>>> Are you going to require 2FA for existing accounts as well? And what
>>> 2FA methods will you support? SMS? Google Authenticator app? Security
>>> (FIDO) keys? (I'm finally going to set up 2FA for my personal accounts
>>> using security keys, so this comes at a good time. I've had to add 2FA to
>>> my github account already, using the authenticator app.)
>> I've actually been using my FIDO key successfully to log into the admin
>> account for the last half year or so. While I can't force people to shell
>> out for a Yubi key v4 or v5, I'd love for people to get a U2F key at the
>> bare minimum. It used to be supported only by Chrome, but FireFox has U2F
>> support now too. (And my experience over the past 6 months has been with
>> FireFox exclusively.)
>> U2F keys exist at reasonable prices of less than 10$.
> That's quite reasonable for the security. It is a bit of a hassle because
> when I'm at home, since I won't be carrying a key with me, but I guess I
> should just get more keys to plug into my computers
Dave Cooper, david.cooper at gen.works
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the clo-devel