by Wowfunhappy
1437 days ago
Okay, this is me proposing it! :) I'm not the first person to come up with this idea. I think if PyPI had taken the approach of "here are our concerns, here is what we're protecting, here are some different options to make this work in the most convenient way possible", that would have been received very differently. Instead, they issued an ultimatum.

For example, just off the top of my head:
2FA as a general solution allows for U2F, which is significantly safer than your solution, even if it also allows for TOTP, which is "only" as safe as your solution.
It's also a change in user experience. Migrating users with existing passwords over to these new passwords may be more difficult for any number of reasons.
That's just a few seconds of thought. A real proposal might explicitly address these concerns. Like I said, feel free to make that proposal. A post on HN is not going to cut it, and it isn't going to help anyone. If you want to be more involved in how PyPI is maintained I suggest you do so.