On Mon, Feb 18, 2013 at 3:45 PM, Jeff King <peff@xxxxxxxx> wrote: > On Mon, Feb 18, 2013 at 02:54:30PM -0500, James Nylen wrote: >> > Just would like to request a security feature to help secure peoples github >> > accounts more by supporting 2 factor authentication like the yubikey more >> > information can be found from this link www.yubico.com/develop/ and googles >> > 2 factor authentication. Hope it gets implemented as I think it would make a >> > great feature >> >> I like the idea, and I would probably use it if it were available. >> Jeff, what do you think? > [1] I don't know if Google's system is based on the Google Authenticator > system. But it would be great if there could be an open, > standards-based system for doing 2FA+cookie authentication like > this. I'd hate to have "the GitHub credential helper" and "the > Google credential helper". I'm not well-versed enough in the area to > know what's feasible and what the standards are. I don't know what the specific infrastructure they (Google's engineers) are using is (something written in python if I'm not mistaken), but @$dayjob we've managed to authenticate to Google Apps using SAML 1.1 & SAML2 wrappers "living" in both CAS and Shibboleth. SAML is a standard and is supported (in whole or in part) by a lot of systems and SSOs out there. Given the way that systems like that work I don't see Git authenticating that way any time soon (but I've been surprised before). -- -Drew Northup -------------------------------------------------------------- "As opposed to vegetable or mineral error?" -John Pescatore, SANS NewsBites Vol. 12 Num. 59 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html