Two-Factor Authentication becoming mandatory for all official project email accounts

This board is for discussions about joomla.org blog posts.
Locked
User avatar
RCheesley
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 181
Joined: Tue Apr 24, 2007 11:53 am
Location: Ipswich, Suffolk, UK
Contact:

Two-Factor Authentication becoming mandatory for all official project email accounts

Post by RCheesley » Wed Jun 01, 2016 11:06 am

Please use this forum thread to discuss the blog article posted here: http://community.joomla.org/blogs/commu ... ounts.html
Ruth Cheesley

User avatar
infograf768
Joomla! Master
Joomla! Master
Posts: 19133
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: Two-Factor Authentication becoming mandatory for all official project email accounts

Post by infograf768 » Thu Jun 02, 2016 6:59 am

Through our mobile phone? And what if we have none? And what if the phone is in Europe?
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 12781
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Two-Factor Authentication becoming mandatory for all official project email accounts

Post by brian » Thu Jun 02, 2016 7:55 am

I am all for tfa

BUT Surely the bigger security issue is why so many people actually need a *.joomla.org email address. Is it being managed and do they have the email address revoked when they no longer need it. Also are you preventing those emails being forwarded to another email address.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
Bakual
Joomla! Ace
Joomla! Ace
Posts: 1038
Joined: Sun Dec 13, 2009 9:00 pm
Location: Switzerland
Contact:

Re: Two-Factor Authentication becoming mandatory for all official project email accounts

Post by Bakual » Thu Jun 02, 2016 8:15 am

I really think adding a requirement for *all* joomla email addresses is shooting way over the goal.
Take my email as example, there is absolutely no sensitive information in this email anymore (since I'm no longer PLT) and you can't do anything dangerous with it. If I have to add TFA to it, I'd rather don't use it anymore.
And this goes into what Brian said, instead of forcing everyone to use TFA (which may not be possible for everyone to begin with), better look whom you give such an email and remove them if they no longer need it.
Also only make it a requirement for accounts that may have sensitive data. Like the security email address as an example.
There is no point in forcing the random contributor who happens to have such an address to use TFA.

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 12781
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Two-Factor Authentication becoming mandatory for all official project email accounts

Post by brian » Thu Jun 02, 2016 8:17 am

The reality is that as you are no longer on PLT why do you have the email address?
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
Bakual
Joomla! Ace
Joomla! Ace
Posts: 1038
Joined: Sun Dec 13, 2009 9:00 pm
Location: Switzerland
Contact:

Re: Two-Factor Authentication becoming mandatory for all official project email accounts

Post by Bakual » Thu Jun 02, 2016 8:35 am

I dunno. My guess is that email addresses never get deleted. And I don't even know who I would have to ask to remove it myself.
I don't use it anymore except for Glip (which I have now changed to a private one).
The other thing is the email used for Crowdin gets forwarded to my email and the one from Javier (I think).

It can be deleted safely. I don't need it anymore.

User avatar
Soren Jensen
Joomla! Explorer
Joomla! Explorer
Posts: 290
Joined: Fri Nov 11, 2005 8:53 am
Location: Granada, Spain
Contact:

Re: Two-Factor Authentication becoming mandatory for all official project email accounts

Post by Soren Jensen » Thu Jun 02, 2016 8:55 am

I mainly POP the email account so it will not have much of an impact on me, I don't think.
Soren Beck Jensenhttp://www.component-creator.com/ - Build Joomla Components fast and easy

User avatar
infograf768
Joomla! Master
Joomla! Master
Posts: 19133
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: Two-Factor Authentication becoming mandatory for all official project email accounts

Post by infograf768 » Thu Jun 02, 2016 9:02 am

Are community.joomla.org adresses concerned?
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

User avatar
Bakual
Joomla! Ace
Joomla! Ace
Posts: 1038
Joined: Sun Dec 13, 2009 9:00 pm
Location: Switzerland
Contact:

Re: Two-Factor Authentication becoming mandatory for all official project email accounts

Post by Bakual » Thu Jun 02, 2016 9:06 am

I understood it that all *.joomla.org addresses are affected, which would include community.joomla.org.

@Soren: You would have to enable your client as well to access the pop account. According to David Jardin it's a one-time-per-client thing you need to do.

User avatar
Soren Jensen
Joomla! Explorer
Joomla! Explorer
Posts: 290
Joined: Fri Nov 11, 2005 8:53 am
Location: Granada, Spain
Contact:

Re: Two-Factor Authentication becoming mandatory for all official project email accounts

Post by Soren Jensen » Thu Jun 02, 2016 9:46 am

Yes, my POP did stop working when I enabled TFA. But I fixed by generating a new app password. https://support.google.com/accounts/ans ... authuser=1
Soren Beck Jensenhttp://www.component-creator.com/ - Build Joomla Components fast and easy


Locked

Return to “Community Blog Discussions”