Enable 2FA to the IPFS orgs (ipld, libp2p, multiformats and of course, ipfs) #263

Closed
daviddias opened this issue Jul 11, 2017 · 32 comments
Labels
need/community-input Needs input from the wider community

Comments

@daviddias
Member

As discussed on the IPFS All Hands of July 10, we want to turn on mandatory 2FA for accounts that have contributor access with write or admin permissions.

We can time box the decision to turn this on till next Thursday and then give it a try for 1 or 2 months. My guess is that it won't stop anyone from contributing, as most of our contributors already have 2FA.

@daviddias daviddias added the need/community-input Needs input from the wider community label Jul 11, 2017
@daviddias
Member Author

daviddias commented Jul 14, 2017

The users that currently don't have 2FA enabled are:

Apologies for bringing everyone to this thread, but I have an important question for you: **Is there something stopping you from enabling 2FA in your Github account?**

@ianopolous
Member

@diasdavid What is the threat model you are trying to defend against? Depending on what you are trying to defend against, you might not actually end up more secure.

Something like Github is an interesting example because Git itself is already decentralised and content addressed, which removes a lot of attack vectors by design.

For example, if the threat is someone inserting malicious code into binaries built from a repo, then the build process is a much bigger threat than individual IPFS contributors being compromised. With that threat, I would focus first on all external dependencies, e.g. the 100s of libraries loaded at build time through npm or other external (to git) dependency hosting services. How trustworthy are all the owners of all those libraries? Do they require 2FA?

Github also, worryingly, supports easily circumventable 2FA in the form of SMS codes, which any good security expert will warn against. E.g. https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html

@daviddias
Member Author

daviddias commented Jul 14, 2017

@ianopolous there are no silver bullets for security, but you do decrease the chances of getting exploited by the barriers you put in place. This is not the only stand we will take towards OpSec.

We just have to be careful about the tradeoffs: is 2FA a pain to contributors? Apparently, most of us use 2FA today and it hasn't caused any harm to our productivity. Is there any good reason why not to?

@ianopolous
Member

@diasdavid That's my point, depending on the threat model you are defending against, you don't necessarily decrease the chance of being successfully attacked. What is being defended against?

@daviddias
Member Author

This measure will reduce the chances of exploiting the participants in the IPFS community, most of whom have write and/or admin access, which makes them interesting targets as they can change more than code.

This sets up a sane default. It also helps to set the frame of mind in which people participate actively in these repos. By requiring 2FA, a user will, at least, learn and think why this is important and what else can be achieved to secure the perimeter, exactly like you are doing right now :)

@dryajov
Member

dryajov commented Jul 14, 2017

@diasdavid mine is enabled now.

@lidel
Member

lidel commented Jul 14, 2017

@diasdavid I enabled 2FA in the form of TOTP (RFC6238) tokens.
(After initial pairing, TOTP does not require network connectivity to generate a time-based token, which makes it significantly safer than SMS)

@daviddias
Member Author

daviddias commented Jul 14, 2017

@dryajov mind double checking? Still seeing like this:
image

@dryajov
Member

dryajov commented Jul 14, 2017

@diasdavid how about now?

@daviddias
Member Author

@dryajov 👌🏽

@vyzo

vyzo commented Jul 16, 2017

@diasdavid 2FA enabled. Makes me queasy to have my phone control my access, it's perhaps the least secure device I own.

@lidel
Member

lidel commented Jul 16, 2017

@vyzo you don't need to use your phone. TOTP is an open standard and there are clients for all platforms. If you are looking for an alternative to a phone, e.g. want to use a trusted unix box, a command-line TOTP app (example1, example2) could be run from a remote machine over SSH.

@ianopolous
Member

To save other people the research, I'm summarising my findings trying to get this working to my satisfaction (from both a security and convenience perspective).

In my ideal setup I'd have 2 yubikeys, either of which would be usable as the second factor, without ever going via a phone, and definitely not via sms, and maybe some printed backup codes.

Github requires you to enable 2FA using a TOTP app (It's not clear to me why they can't just use a yubikey straight away). I tried out the python TOTP implementation mentioned by lidel above, but it threw an exception just printing the help, and I was reluctant to trust a random python program anyway. If there was a built in ubuntu package that would be fine for me.

Eventually, whilst researching other TOTP possibilities, I read that github U2F only works in Chrome [1]. This was the final deal-breaker for me, as I use Firefox and Chrome.

[1] https://help.github.com/articles/configuring-two-factor-authentication-via-fido-u2f/

@Kubuxu
Member

Kubuxu commented Jul 20, 2017

@ianopolous Github has Yubikey support. If you are using FF you have to install a plugin: https://addons.mozilla.org/en-US/firefox/addon/u2f-support-add-on/ until FF has native support for U2F.

@daviddias
Member Author

@ianopolous I believe that @Kubuxu's proposal solves your issue. Mind trying it?

@ianopolous
Member

There are several problems with that plugin:

  1. Who is the author and why should I trust them? I would have much more trust in a built-in solution from Firefox which passes all their process and review hurdles (as well as them having a reputation to protect). (Apparently hardware U2F is coming to Firefox native later this year, unclear when though)
  2. It will stop working in Firefox 57 because it wasn't built for WebExtensions
  3. It is not clear where the source code is. I believe it is https://github.com/prefiks/u2f4moz but without a link from the web extension page that could be any randomer.

@SidHarder
Member

SidHarder commented Jul 24, 2017 via email

@cboddy
Member

cboddy commented Jul 25, 2017

2FA enabled.

@daviddias
Member Author

Thank you @SidHarder @cboddy ❤️

@cmharlow

done.

@daviddias
Member Author

daviddias commented Jul 25, 2017

awesome @cmh2166 :)

And with that, I now can enable 2FA as a requirement in https://github.com/orgs/ipfs-shipyard/people 🎉

@ianopolous
Member

Thanks to @cboddy I've got a satisfactory solution now that meets my strict requirements (and I'll tolerate firefox not working with the yubikey for a few months). I contacted Github directly and the reason they don't allow yubikeys to be the primary second factor is exactly because it only works in chrome at the moment.

For those interested: ~100 lines of easily audit-able python code that only uses the standard library and doesn't import external stuff:
https://github.com/pyotp/pyotp

@daviddias
Member Author

woot! Thank you :D

Now IPLD also has 2FA enabled for everyone 🌟

Missing:

  • ipfs
  • libp2p
  • multiformats

@tabrath

tabrath commented Jul 26, 2017

Enabled 👍

@magik6k
Member

magik6k commented Jul 27, 2017

Enabled quite a while ago

@keks

keks commented Jul 27, 2017

Also enabled it!

@ghost

ghost commented Nov 21, 2017

Hey, quick update, I enabled 2FA on the ipfs org yesterday, and a few people got kicked. I made sure that all current contributors got reinvited swiftly (cc @ipfs/python-team).

Anybody else who got kicked, please enable 2FA in your account and ping me here, and I'll reinvite you too :)

@TKorr

TKorr commented Nov 22, 2017

Yea, I just got kicked...2FA enabled now. need back in the Python team, cheers.

@cboddy
Member

cboddy commented Nov 26, 2017

Ah, wondered why I was kicked. 2FA re-enabled if you could re-add me please @lgierth

@zignig

zignig commented Nov 26, 2017

@lgierth

2fa enabled, please add me back on. 😁

@ghost

ghost commented Nov 28, 2017

Hey I re-invited all of you - @TKorr python team, @cboddy scala team, @zignig go team - thanks for bearing with me!

@daviddias
Member Author

This is all done now, closing this issue :)
