[18325] in athena10
Re: [ACTION REQUIRED] Your GitHub account, athena-github-sync, will
daemon@ATHENA.MIT.EDU (Jonathan Reed)
Tue Dec 5 17:52:05 2023
MIME-Version: 1.0
In-Reply-To: <CA+fWxRK-7us=OXBAX3-ssX+MvoT7VdoT7zB1dCsombTADxuPQQ@mail.gmail.com>
From: Jonathan Reed <jdreed@gmail.com>
Date: Tue, 5 Dec 2023 17:50:19 -0500
Message-ID: <CADwaeHco-n7W-oD7bcuj4HNUb9T9Cz4mZGemMPCv=Xzmc8Ee3A@mail.gmail.com>
To: Lizhou Sha <slz@mit.edu>
Cc: debathena@mit.edu
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
The official instructions for bots/service accounts recommend sharing
the TOTP setup key with anyone who needs access. We could store it
on demeter (or whatever the build host is these days) on the grounds
that if you have root access to that, you're entitled to the TOTP
setup key.
https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication
But someone who has committed code more recently than 2015 should
chime in here. I don't even think I remember my root instance
password.
-Jon
On Tue, Dec 5, 2023 at 5:41 PM Lizhou Sha <slz@mit.edu> wrote:
>
> What do?
>
> ---------- Forwarded message ---------
> From: GitHub <noreply@github.com>
> Date: Tue, Dec 5, 2023 at 2:21 PM
> Subject: [ACTION REQUIRED] Your GitHub account, athena-github-sync, will soon require 2FA
> To: Athena Github Synchronization Robot <athena-github-sync@mit.edu>
>
>
> Hey athena-github-sync!
>
> We're reaching out to let you know that, as announced last year, we have officially begun requiring users who contribute code on GitHub.com to have two-factor authentication (2FA) enabled.
>
> Your account meets this criteria, and you will need to enroll in 2FA within 45 days, by January 19th, 2024 at 00:00 (UTC). After this date, your access to GitHub.com will be limited until you enroll in 2FA. Enrolling is easy, and we support several options, starting with TOTP apps and text messages (SMS) and then adding on passkeys and the GitHub Mobile app.
>
> Click here to enroll in 2FA.
>
> Making the software supply chain more secure is a team effort, and we can't do it without you. Your enrollment in 2FA is an impactful step in keeping the world's software secure. If you want to learn more about this change, please take a look at our documentation about the program.
>
> To see this and other security events for your account, visit your account security audit log.
>
> If you run into problems, please contact support by visiting the GitHub support page.
>
> Thanks,
> The GitHub Team
>
>
>
> --
> Lizhou Sha
> Class of 2018
