What costs? You can stuff 2FA token generation in many password managers that run on the very computer on which you develop. It costs you exactly zero except a couple of minutes to set it up.
You’re only looking at one side of the cost equation. If a maintainer screws up and lets their account get compromised, and then it uploads malware, it’s PyPI who has to pay the immense cost of cleanup. How is that fair?
Well, it's PyPI who decides what is critical and what is not. If they're not happy with maintainers not wanting to take that responsibility, they can fork.
>Yeah, that's the very essence of being a distribution tool.
Also, conveniently, it's the thing whose cost is not paid by the people who decided to get owned.
And again, the government doesn't cover the cost of your seatbelt, so I don't see your argument. PyPI also makes you use passwords; should I complain that they are forcing me to buy a keyboard?