Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable 2FA to the IPFS orgs (ipld, libp2p, multiformats and of course, ipfs) #263

Closed
daviddias opened this issue Jul 11, 2017 · 32 comments
Closed
Labels
need/community-input Needs input from the wider community

Comments

@daviddias
Copy link
Member

As discussed on the IPFS All hands of July 10. We want to turn on mandatory 2FA for accounts that have contributors access with write or admin permissions.

We can time box de decision to turn this on till next Thursday and then give it a try for 1 or 2 months, my guess is that it won't stop anyone from contributing as most of our contributors already have 2FA.

@daviddias daviddias added the need/community-input Needs input from the wider community label Jul 11, 2017
@daviddias
Copy link
Member Author

daviddias commented Jul 14, 2017

The users that currently don't have 2FA enabled are:

Apologies for bringing everyone to this thread, but I have an important question for you: **Is there something stopping you from enabling 2FA in your Github account?

@ianopolous
Copy link
Member

@diasdavid What is the threat model you are trying to defend against? Depending what you are trying to defend against you might not actually end up more secure.

Something like Github is an interesting example because Git itself is already decentralised and content addressed, which removes a lot of attack vectors by design.

For example, if the threat is someone inserting malicious code into binaries built from a repo, then the build process is a much bigger threat than individual IPFS contributors being compromised. With that threat, I would focus first on all external dependencies, e.g. the 100s of libraries loaded at build time through npm or other external (to git) dependency hosting services. How trustworthy are all the owners of all those libraries? Do they require 2FA?

Github also, worryingly, supports easily cirumventable 2FA in the form of SMS codes, which any good security expert will warn against. E.g. https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html

@daviddias
Copy link
Member Author

daviddias commented Jul 14, 2017

@ianopolous there are no silver bullets for security, but you do decrease the chances of getting exploited by the barriers you put in place. This is not the only stand we will take towards OpSec.

We just have to be careful about the tradeoffs, is 2FA a pain to contributors? Apparently, most of us use 2FA today and it hasn't caused any harm to our productivity, is that any good reason why not to?

@ianopolous
Copy link
Member

@diasdavid That's my point, depending on the threat model you are defending against, you don't necessarily decrease the chance of being successfully attacked. What is being defended against?

@daviddias
Copy link
Member Author

This measure will reduce the chances of exploiting the participants in the IPFS community, most of which have write and/or admin access which gives them interesting targets as they can change more than code.

This sets up a sane default. It also helps to set the frame of mind in which people participate actively in these repos. By requiring 2FA, a user will, at least, learn and think why this is important and what else can be achieved to secure the perimeter, exactly like you are doing right now :)

@dryajov
Copy link
Member

dryajov commented Jul 14, 2017

@diasdavid mine is enabled now.

@lidel
Copy link
Member

lidel commented Jul 14, 2017

@diasdavid I enabled 2FA in form of TOTP (RFC6238) tokens.
(After initial pairing TOTP does not require network connectivity to generate time-based token, which makes it significantly safer than SMS)

@daviddias
Copy link
Member Author

daviddias commented Jul 14, 2017

@dryajov mind double checking? Still seeing like this:
image

@dryajov
Copy link
Member

dryajov commented Jul 14, 2017

@diasdavid how about now?

@daviddias
Copy link
Member Author

@dryajov 👌🏽

@vyzo
Copy link

vyzo commented Jul 16, 2017

@diasdavid 2FA enabled. Makes me queasy to have my phone control my access, it's perhaps the least secure device I own.

@lidel
Copy link
Member

lidel commented Jul 16, 2017

@vyzo you don't need to use your phone. TOTP is an open standard and there are clients for all platforms. If you are looking an alternative for phone, e.g. want to use trusted unix box, a commandline TOTP app (example1,example2) could be run from a remove machine over SSH.

@ianopolous
Copy link
Member

To save other people the research, I'm summarising my findings trying to get this working to my satisfaction (from both a security and convenience perspective).

In my ideal setup I'd have 2 yubikeys, either of which would be usable as the second factor, without ever going via a phone, and definitely not via sms, and maybe some printed backup codes.

Github requires you to enable 2FA using a TOTP app (It's not clear to me why they can't just use a yubikey straight away). I tried out the python TOTP implementation mentioned by lidel above, but it threw an exception just printing the help, and I was reluctant to trust a random python program anyway. If there was a built in ubuntu package that would be fine for me.

Eventually, whilst researching other TOTP possibilities, I read that github U2F only works in Chrome [1]. This was the final deal-breaker for me, as I use Firefox and Chrome.

[1] https://help.github.com/articles/configuring-two-factor-authentication-via-fido-u2f/

@Kubuxu
Copy link
Member

Kubuxu commented Jul 20, 2017

@ianopolous Github has Yubikey support, if you are using FF you have to install plugin: https://addons.mozilla.org/en-US/firefox/addon/u2f-support-add-on/ until FF has native support for U2F.

@daviddias
Copy link
Member Author

@ianopolous I believe that @Kubuxu proposal solves your issue. Mind trying it?

@ianopolous
Copy link
Member

There are several problems with that plugin:

  1. Who is the author and why should I trust them? I would have much more trust in a built in solution from Firefox which passes all their process and review hurdles (as well them having a reputation to protect). (Apparently hardware U2F is coming to Firefox native later this year, unclear when though)
  2. It will stop working in Firefox 57 because it wasn't built for WebExtensions
  3. It is not clear where the source code is. I believe it is https://github.com/prefiks/u2f4moz but without a link from the web extension page that could be any randomer.

@SidHarder
Copy link
Member

SidHarder commented Jul 24, 2017 via email

@cboddy
Copy link
Member

cboddy commented Jul 25, 2017

2FA enabled.

@daviddias
Copy link
Member Author

Thank you @SidHarder @cboddy ❤️

@cmharlow
Copy link

done.

@daviddias
Copy link
Member Author

daviddias commented Jul 25, 2017

awesome @cmh2166 :)

And with that, I now can enable 2FA as a requirement in https://github.com/orgs/ipfs-shipyard/people 🎉

@ianopolous
Copy link
Member

Thanks to @cboddy I've got a satisfactory solution now that meets my strict requirements (and I'll tolerate firefox not working with the yubikey for a few months). I contacted Github directly and the reason they don't allow yubikeys to be the primary second factor is exactly because it only works in chrome at the moment.

For those interested: ~100 lines of easily audit-able python code that only uses the standard library and doesn't import external stuff:
https://github.com/pyotp/pyotp

@daviddias
Copy link
Member Author

woot! Thank you :D

Now IPLD has also 2FA enabled for everyone 🌟

Missing:

  • ipfs
  • libp2p
  • multiformats

@tabrath
Copy link

tabrath commented Jul 26, 2017

Enabled 👍

@magik6k
Copy link
Member

magik6k commented Jul 27, 2017

Enabled quite a while ago

@keks
Copy link

keks commented Jul 27, 2017

Also enabled it!

@ghost
Copy link

ghost commented Nov 21, 2017

Hey, quick update, I enabled 2FA on the ipfs org yesterday, and a few people got kicked. I made sure that all current contributors got reinvited swiftly (cc @ipfs/python-team).

Anybody else who got kicked, please enable 2FA in your account and ping me here, and I'll reinvite you too :)

@TKorr
Copy link

TKorr commented Nov 22, 2017

Yea, I just got kicked...2FA enabled now. need back in the Python team, cheers.

@cboddy
Copy link
Member

cboddy commented Nov 26, 2017

Ah, wondered why I was kicked. 2FA re-enabled if you could re-add me please @lgierth

@zignig
Copy link

zignig commented Nov 26, 2017

@lgierth

2fa enabled, please add me back on. 😁

@ghost
Copy link

ghost commented Nov 28, 2017

Hey I re-invited all of you - @TKorr python team, @cboddy scala team, @zignig go team - thanks for bearing with me!

@daviddias
Copy link
Member Author

This is all done now, closing this issue :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
need/community-input Needs input from the wider community
Projects
None yet
Development

No branches or pull requests