Two-Factor Authentication becoming mandatory for all official project email accounts
Posted: Wed Jun 01, 2016 11:06 am
by RCheesley
Please use this forum thread to discuss the blog article posted here:
http://community.joomla.org/blogs/commu ... ounts.html
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
Posted: Thu Jun 02, 2016 6:59 am
by infograf768
Through our mobile phone? And what if we have none? And what if the phone is in Europe?
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
Posted: Thu Jun 02, 2016 7:55 am
by brian
I am all for TFA.
BUT surely the bigger security issue is why so many people actually need a *.joomla.org email address. Is it being managed, and do they have the email address revoked when they no longer need it? Also, are you preventing those emails being forwarded to another email address?
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
Posted: Thu Jun 02, 2016 8:15 am
by Bakual
I really think adding a requirement for *all* joomla email addresses is shooting way over the goal.
Take my email as an example: there is absolutely no sensitive information in this email anymore (since I'm no longer PLT) and you can't do anything dangerous with it. If I have to add TFA to it, I'd rather not use it anymore.
And this goes into what Brian said: instead of forcing everyone to use TFA (which may not be possible for everyone to begin with), better look at whom you give such an email to and remove them if they no longer need it.
Also only make it a requirement for accounts that may have sensitive data. Like the security email address as an example.
There is no point in forcing the random contributor who happens to have such an address to use TFA.
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
Posted: Thu Jun 02, 2016 8:17 am
by brian
The reality is that as you are no longer on PLT why do you have the email address?
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
Posted: Thu Jun 02, 2016 8:35 am
by Bakual
I dunno. My guess is that email addresses never get deleted. And I don't even know who I would have to ask to remove it myself.
I don't use it anymore except for Glip (which I have now changed to a private one).
The other thing is the email used for Crowdin gets forwarded to my email and the one from Javier (I think).
It can be deleted safely. I don't need it anymore.
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
Posted: Thu Jun 02, 2016 8:55 am
by Soren Jensen
I mainly POP the email account so it will not have much of an impact on me, I don't think.
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
Posted: Thu Jun 02, 2016 9:02 am
by infograf768
Are community.joomla.org addresses concerned?
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
Posted: Thu Jun 02, 2016 9:06 am
by Bakual
I understood it that all *.joomla.org addresses are affected, which would include community.joomla.org.
@Soren: You would have to enable your client as well to access the pop account. According to David Jardin it's a one-time-per-client thing you need to do.
Re: Two-Factor Authentication becoming mandatory for all official project email accounts
Posted: Thu Jun 02, 2016 9:46 am
by Soren Jensen
Yes, my POP did stop working when I enabled TFA. But I fixed it by generating a new app password.
https://support.google.com/accounts/ans ... authuser=1