On Thu, Jun 03, 2021 at 02:32:20PM -0400, Konstantin Ryabitsev wrote: > On Thu, Jun 03, 2021 at 02:25:42PM -0400, Eric Sunshine wrote: > > > The fact that Gmail forces folks to enable 2fa for app passwords is an added > > > bonus in my book. :) > > > > The 2fa requirement is a problem for those of us who don't have > > smartphones or SMS. (I see now that they also offer 8-digit backup > > codes to print out for 2fa; perhaps that might be a workable option, > > though I haven't tested it.) > > I'm not going to argue too much, but I'd say that someone who's looking for > solution to use with git-send-email is *likely* going to have access to a > smartphone. :) I do have a smartphone. Due to the battery life of smartphones I don't have access to it most of the time. > > It's also possible to use TOTP without a smartphone (e.g. via a desktop app), > though this would largely defeat the purpose. There are also TOTP hardware tokens but I haven't tried one. I think that the U2F tokens are better supported anyway. If you want some sort of real security I would avoid smartphones and go for hardware tokens. If you want to fulfill arbitrary requiremens workarounds that emulate a smartphone well enough exist. For TOTP you don't even need an emulator, only a QR code reader (in case the site insists on using QR code and does not show the plaintext) and a desktop TOTP application. Thanks Michal
