action #127688
closedMake 2FA mandatory for os-autoinst GitHub org size:M
Updated by osukup about 1 year ago
from 13.3 is 2FA begin mandatory for all active github accounts.. ( rolled out in steps ..) -> https://github.blog/2023-03-09-raising-the-bar-for-software-security-github-2fa-begins-march-13/
Updated by mkittler about 1 year ago
- Status changed from New to Feedback
- Assignee set to mkittler
Just to be sure, I'm asking whether everyone has 2FA enabled. I have it at this point.
Then I'll enable it under https://github.com/organizations/os-autoinst/settings/security.
Updated by mkittler about 1 year ago
I've tried to reach affected users via Slack/Matrix. This leaves the bot accounts "opensuseqa-pusher" and "openqa-git-sync". I suppose we best setup TOTP for them and add the TOTP-URL with the secret on https://gitlab.suse.de/openqa/password/-/blob/main/password. Is that ok or do you have an idea to make it more secure (within our current "infrastructure")?
Updated by shukui about 1 year ago
I've already enabled Two-factor authentication before. Don't know why I am informed.
Updated by mkittler about 1 year ago
Likely I mapped a GitHub name wrongly to your Slack account. This "mapping" involved a bit of guessing :-)
Updated by mkittler about 1 year ago
MR for enabling 2FA for "openqa-git-sync": https://gitlab.suse.de/openqa/password/-/merge_requests/6
I've asked Ludwig about enabling 2FA for "opensuseqa-pusher" and said he could also change the account's e-mail address to o3-admins@suse.de or osd-admins@suse.de so we can access it as well.
Updated by mkittler 12 months ago
- Status changed from Feedback to Resolved
Not many people were affected anymore so I enabled 2FA.
The bot account for the OBS workflow was kicked out so I enabled 2FA auth for it (https://gitlab.suse.de/openqa/password/-/merge_requests/7) and reinstated its membership.
So we can consider this done.