Hacker News new | comments | show | ask | jobs | submit login

I was wondering when Github was going to start supporting HSTS and 2-Factor Auth. I'm betting that it gets bumped in priority after this event. Nothing like an incident to move along security requirements!



We've supported HSTS for for well over a year now.

I don't think either would help in this situation. HSTS helps prevent SSL stripping attacks, which whoever is denying SSL access to GitHub doesn't need to bother with.

2FA serves as an annoyance to phishers, but whoever is doing this network attack has direct access to your session cookie.

Why use duosecurity over something like RFC 6238 and RFC 4226?

Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact