Two-Factor Authentication becoming mandatory for all official project email accounts
- RCheesley
- Joomla! Enthusiast
- Posts: 181
- Joined: Tue Apr 24, 2007 11:53 am
- Location: Ipswich, Suffolk, UK
Two-Factor Authentication becoming mandatory for all official project email accounts
Please use this forum thread to discuss the blog article posted here: http://community.joomla.org/blogs/commu ... ounts.html
Ruth Cheesley
- infograf768
- Joomla! Master
- Posts: 19133
- Joined: Fri Aug 12, 2005 3:47 pm
- Location: **Translation Matters**
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
Through our mobile phone? And what if we have none? And what if the phone is in Europe?
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group
- brian
- Joomla! Master
- Posts: 12787
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
I am all for TFA.
BUT surely the bigger security issue is why so many people actually need a *.joomla.org email address. Is it being managed, and do they have the email address revoked when they no longer need it? Also, are you preventing those emails being forwarded to another email address?
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
- Bakual
- Joomla! Ace
- Posts: 1038
- Joined: Sun Dec 13, 2009 9:00 pm
- Location: Switzerland
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
I really think adding a requirement for *all* joomla email addresses is shooting way over the goal.
Take my email as an example, there is absolutely no sensitive information in this email anymore (since I'm no longer PLT) and you can't do anything dangerous with it. If I have to add TFA to it, I'd rather not use it anymore.
And this goes into what Brian said, instead of forcing everyone to use TFA (which may not be possible for everyone to begin with), better look at whom you give such an email to and remove them if they no longer need it.
Also only make it a requirement for accounts that may have sensitive data. Like the security email address as an example.
There is no point in forcing the random contributor who happens to have such an address to use TFA.
- brian
- Joomla! Master
- Posts: 12787
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
The reality is that, as you are no longer on PLT, why do you have the email address?
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
- Bakual
- Joomla! Ace
- Posts: 1038
- Joined: Sun Dec 13, 2009 9:00 pm
- Location: Switzerland
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
I dunno. My guess is that email addresses never get deleted. And I don't even know who I would have to ask to remove it myself.
I don't use it anymore except for Glip (which I have now changed to a private one).
The other thing is the email used for Crowdin gets forwarded to my email and the one from Javier (I think).
It can be deleted safely. I don't need it anymore.
- Soren Jensen
- Joomla! Explorer
- Posts: 290
- Joined: Fri Nov 11, 2005 8:53 am
- Location: Granada, Spain
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
I mainly POP the email account so it will not have much of an impact on me, I don't think.
Soren Beck Jensen - http://www.component-creator.com/ - Build Joomla Components fast and easy
- infograf768
- Joomla! Master
- Posts: 19133
- Joined: Fri Aug 12, 2005 3:47 pm
- Location: **Translation Matters**
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
Are community.joomla.org addresses concerned?
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group
- Bakual
- Joomla! Ace
- Posts: 1038
- Joined: Sun Dec 13, 2009 9:00 pm
- Location: Switzerland
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
I understood it that all *.joomla.org addresses are affected, which would include community.joomla.org.
@Soren: You would have to enable your client as well to access the pop account. According to David Jardin it's a one-time-per-client thing you need to do.
- Soren Jensen
- Joomla! Explorer
- Posts: 290
- Joined: Fri Nov 11, 2005 8:53 am
- Location: Granada, Spain
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
Yes, my POP did stop working when I enabled TFA. But I fixed it by generating a new app password. https://support.google.com/accounts/ans ... authuser=1
Soren Beck Jensen - http://www.component-creator.com/ - Build Joomla Components fast and easy