GitHub 的 2FA 新計畫
source link: https://blog.gslin.org/archives/2022/12/17/10993/github-%e7%9a%84-2fa-%e6%96%b0%e8%a8%88%e7%95%ab/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
GitHub 的 2FA 新計畫
GitHub 決定擴大強制使用 2FA 的範圍:「Raising the bar for software security: next steps for GitHub.com 2FA」。
本來的 2FA policy 是在「Software security starts with the developer: Securing developer accounts with 2FA」這邊提到的,所有的使用者預定在 2023 年年底強制使用 2FA:
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
另外針對 npm 熱門套件的維護者,則是在三月 (top 100) 與五月 (top 500) 就強制要使用了:
In February we enrolled all maintainers of the top-100 packages on the npm registry in mandatory 2FA, and in March we enrolled all npm accounts in enhanced login verification. On May 31, we will be enrolling all maintainers of the top-500 packages in mandatory 2FA.
但到 2023 年年底才有動作會有點久,所以這次宣佈在 2023 年三月會插入一個新階段,強制這些人要有 2FA 才能進行變更類的操作:
- Users who published GitHub or OAuth apps or packages
- Users who created a release
- Users who are Enterprise and Organization administrators
- Users who contributed code to repositories deemed critical by npm, OpenSSF, PyPI, or RubyGems
- Users who contributed code to the approximate top four million public and private repositories
以 developer 為主的 GitHub 大力在推 2FA,其他的服務不知道之後會不會有類似動作...
Related
GitHub 將在 2023 年底強制所有使用者都啟用 2FA
GitHub 公佈了強制使用 2FA 的計畫:「Software security starts with the developer: Securing developer accounts with 2FA」。 文章副標題把該講的都講完了: GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. 自己開是一件事情,整個服務強制啟用是另外一個等級,還有一年多的時間...
May 6, 2022In "Computer"
CA/Browser Forum 上的會議記錄:關於密碼與 2FA 的強制要求
CA/Browser Forum 會定時將會議記錄與最後的結論公開放在網站上,有時候有些資訊還蠻有趣的。像是前幾天在「Ballot 221 - Two-Factor Authentication and Password Improvements - CAB Forum」這邊看到 CA/Browser Forum 的成員對密碼與 2FA 提出了修正提案,其中瀏覽器端只有 Microsoft 參與投票,但是被否決了... 不知道否決的原因,但是大概可以猜到幾個點。 第一個是提案提到了 NSA 的 NIST 800-63B Appendix A,這個單位不太受歡迎啊... 第二個則是「For accounts that are accessible only within Secure Zones or High Security Zones, require that passwords have at least twelve (12) characters;」這段強迫使用密碼,而現在有比密碼更安全的方案存在…
June 4, 2018In "Computer"
移除 Facebook 上的行動電話
Facebook 上的行動電話號碼除了被拿來當作 2FA 的備案外,也被強制分享。更糟的是還被拿來當作廣告的條件: For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that. pic.twitter.com/zpYhuwADMS— Jeremy Burge ?? (@jeremyburge) March 1, 2019 This is so crazy: even if you deliberately don't include your…
March 5, 2019In "Computer"
Leave a Reply
Your email address will not be published. Required fields are marked *
Comment *
Name *
Email *
Website
Notify me of follow-up comments by email.
Notify me of new posts by email.
To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Learn More)
Post navigation
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK