2fa

Josh and Kurt talk about how hard multi factor authentication is. This all starts from a Mastodon thread, and Jerry Bell, the administrator of infosec.exchange joins us to discuss password security and all things Mastodon. Infosec.exchange is an incredible story and Jerry weaves a thrilling tale. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_354_Jerry_Bell_tells_us_why_Mastodon_is_awesome_and_MFA_is_hard.mp3 Show Notes infosec.exchange MFA discussion Jerry’s 2FA advice MalwareTech retracts Mastodon statements

Josh and Kurt talk about PyPI mandating two factor authentication for the top 1% of projects. It feels like a simple idea, but it’s not when you start to think about it. What problems does 2FA solve? How common are these attacks? What are the second and third order effects of mandating 2FA? This episode should have something for everyone on all sides of this discussion to violently disagree with. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_332_PyPI_2FA_or_not_2FA_that_is_the_question.mp3 Show Notes PyPI announcement NPM expired domains Morten Linderud Tweet Congratulations: We Now Have Opinions on Your Open Source Contributions