Require org owners to use exclusively secure two-factor authentication #57

Merged
merged 1 commit into from
Jan 26, 2025

infinisil
Member

Turns out @tomberek and @Lassulus don't right now, I think we should.

@infinisil infinisil requested a review from a team as a code owner January 16, 2025 20:54
Member

@winterqt winterqt left a comment

1000000%.

(Isn't the only other option SMS?)

@Gabriella439 Gabriella439 left a comment

I don't have a strong opinion on this, but it seems like a good idea.

Member

@jtojnar jtojnar left a comment

Sounds reasonable.

@jtojnar
Member

jtojnar commented Jan 16, 2025

Ideally, we would have GitHub enforce it but, unfortunately, it looks like it is not possible to force require it just for owners.

It might be a good idea to eventually require it for everyone but not sure how many people it would affect as https://github.com/orgs/NixOS/people?query=two-factor%3Ainsecure shows the same list for me as https://github.com/orgs/NixOS/people?query=two-factor%3Asecure

@infinisil
Member Author

@jtojnar I don't think that needs to be discussed here, but it shows two different lists for me: 66 pages for secure and 57 pages for insecure, so secure 2FA seems to be at least a close majority already.

@Lassulus
Member

Not sure what I need to do so that GitHub deems my 2FA as secure :D

@infinisil
Member Author

@Lassulus As Winter said, I think SMS is the only method not considered secure, can you confirm that you have that enabled (direct link to account security settings)? If so, you'll have to turn that off.

@tomberek
I've deleted SMS auth. Does that resolve the insecure issue?

@infinisil
Member Author

Yes it does, thanks! I'll merge this as we have SC majority and it matches reality now :)

@infinisil infinisil merged commit e0e5a17 into main Jan 26, 2025
2 checks passed
@infinisil infinisil deleted the org-owners-secure-2fa branch January 26, 2025 19:23