undefined | Better HN

mbesto6y ago· 2 in thread

Don't you find it a little crazy from a security perspective that you're using your machines for both personal and work purposes?

tptacekOP6y ago

We're not; "personal" was just easier to write in the moment than "single long term durable account associated with Latacora".

mbesto6y ago

Ok so what advantage does that give you? The idea of PKI is that your identification is tied to your machine. Why are you unnecessarily conflating authorization with authentication?

DangitBobby6y ago· 1 in thread

GitHub recommends using a single account, according to their website[0]... I get that it could be seen as a security concern, but I don't know if it's crazy. I only accept a physical key as 2FA, and you can revoke SSH keys from your account if your development machine is ever stolen or missing.

0. https://github.community/t5/Support-Protips/Using-one-accoun...

tptacekOP6y ago

Github is, pretty clearly, wrong about this.

tialaramex6y ago

If that would be "crazy" then I don't really see why you're so enthusiastic about using the same key for these "different" accounts.

I get how you can make it arguably safe, but it just seems like a needless risk exactly like a single shared account.

0 comments

0 comments