Ensure 2FA is enabled! #489

Closed
ewdurbin opened this issue Jan 18, 2023 · 16 comments

@ewdurbin
Member

ewdurbin commented Jan 18, 2023

All members of the python organization will soon be required to have 2FA enabled.

Currently some members of @python/python-core and @python/python-triage do not have 2FA enabled.

At your earliest convenience, please go to your account security settings and ensure that the “Two-factor authentication” section shows “Enabled”.

If not, please enable 2FA for your GitHub account according to GitHub's documentation. Be sure to save your recovery codes somewhere safe while doing so!

@hugovk
Member

hugovk commented Feb 14, 2023

In case it's useful, I wrote a little script when we were enabling 2FA at work, to check which members of the org didn't have 2FA turned on yet, so I could go and ~~hassle~~ remind them:

https://github.com/hugovk/github-tools/blob/main/org_users_2fa.py
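As an added example (not the linked script and not part of the original comment), one way to run such a check with the GitHub REST API's `filter=2fa_disabled` member listing, which is available only to organization owners. The `GITHUB_TOKEN` variable name, the injectable `get` parameter and the helper names are assumptions made for illustration.

```python
"""Added example: list organization members who have 2FA disabled."""
import json
import os
import re
import sys
import urllib.request

API = "https://api.github.com"


def http_get(url, token):
    """Real transport: return (parsed JSON body, Link header or '')."""
    req = urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp), resp.headers.get("Link", "")


def next_page(link_header):
    """Return the rel="next" URL from a Link header, or None on the last page."""
    match = re.search(r'<([^>]+)>;\s*rel="next"', link_header or "")
    return match.group(1) if match else None


def members_without_2fa(org, token, get=http_get):
    """Return the logins of members with 2FA disabled, sorted case-insensitively.

    `get` is a hypothetical injection point so the pagination logic can be
    exercised offline; by default it performs real HTTPS requests.
    """
    url = f"{API}/orgs/{org}/members?filter=2fa_disabled&per_page=100"
    logins = []
    while url:  # follow Link: rel="next" until the last page
        page, link = get(url, token)
        logins.extend(user["login"] for user in page)
        url = next_page(link)
    return sorted(logins, key=str.lower)


if __name__ == "__main__":
    # Usage: GITHUB_TOKEN=<owner token> python check_2fa.py <org>
    for login in members_without_2fa(sys.argv[1], os.environ["GITHUB_TOKEN"]):
        print(login)
```

An empty result from an owner token means every current member already has 2FA enabled, so enforcing the requirement would remove no one.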

@arhadthedev
Member

arhadthedev commented Feb 14, 2023

> to check which members of the org didn't have 2FA turned on yet

What about Bedevere and Miss Islington? I'm working on triggering the former via GitHub Actions but we still need an account token to work with the GitHub REST API. [edit: unless we want to deal with @actions/core, @actions/github and possibly a few more JavaScript libraries]

@ewdurbin
Member Author

@arhadthedev discussion here: python/bedevere#531

@CAM-Gerlach
Member

To note, GitHub has been steadily rolling out 2FA for all users, starting with the maintainers of depended-upon projects a couple weeks ago, and concluding with all users by the end of the year. This will include all of us, so all CPython core team members (Triager, Core Dev, etc) will need to have 2FA enabled by around the end of April to continue using their GitHub account.

@menkotoglou
Contributor

Following @CAM-Gerlach's latest comment, is it required that all CPython core team members have 2FA enabled? If so, could this issue close?

@pganssle pganssle reopened this Jul 22, 2023
@hugovk
Member

hugovk commented Jul 22, 2023

It will soon be required.

This at least depends on python/bedevere#569 to resolve python/bedevere#531.

@ambv

ambv commented Jul 22, 2023

Using @hugovk's script, there are still 13 team members without 2FA:

@sunmy2019
Member

Done

@vstinner
Member

If these core devs enable 2FA later, can they merge pull requests again?

@hugovk
Member

hugovk commented Jul 22, 2023

Yes, but:

If they don't enable 2FA before we require it for the org, they're removed from the org.

If they enable within 3 months, we can reinstate them with the earlier permissions/settings.

If they enable after that, we can re-add them as if they're a new user.

> When you require use of two-factor authentication for your organization, members, outside collaborators, and billing managers who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their personal account within three months of their removal from your organization.

https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization

This isn't necessarily a bad thing, because it can be good for security to remove access when it's not used. And it's not permanent, so they can be re-added.

@vstinner
Member

Are you going to contact them? I know a few of them.

@akulakov

akulakov commented Jul 22, 2023 via email

@nanjekyejoannah

These folks need to be contacted, maybe by email, before. As an example, Laura Graves might also lose functionality related to her PSF work unknowingly, or she may not be checking and using GitHub actively. @LauraGraves

@akulakov

akulakov commented Aug 7, 2023 via email

@hugovk
Member

hugovk commented Nov 27, 2023

Reminder that GitHub will "require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023".

https://github.blog/2023-03-09-raising-the-bar-for-software-security-github-2fa-begins-march-13/

@ambv Who still needs to enable 2FA?

@encukou
Member

encukou commented Feb 28, 2024

GitHub now requires 2FA for code contributors.
The python organization now also requires it for all members. A handful of outside collaborators were removed in that change; see python/steering-council#91 (comment) (go there to regain access).

I'll close the issue: there's nothing more to do, and it doesn't look like anyone connected to core workflow is affected now.

@encukou encukou closed this as completed Feb 28, 2024
@hugovk hugovk unpinned this issue Apr 20, 2024