Linux kernel developers will have to use safe authentication methods

Aug 21, 2014 08:24 GMT

The Linux Foundation has decided to implement 2-factor authentication for its Linux Git repositories, making the entire submission process a lot safer.

The Linux kernel is already present on a billion devices and there is no sign that it is slowing down. Protecting the process of submitting code to the kernel's Git sources is now of paramount importance, and The Linux Foundation is making sure that the best protection is used.

Most users and developers already know about 2-factor authentication from other services that chose to implement it, either at the software level, as Gmail and Facebook do, or with hardware devices, as some banks do.

The Git repositories weren't exactly defenseless. The developers had SSH keys and used them to connect to the repos, but those keys can fall into the wrong hands, and this method is no longer considered secure enough.

"In 2-factor authentication parlance, a 'hard token' is a dedicated physical device that is purpose-built to do nothing else but authentication. A 'soft token,' on the other hand, designates a pure-software implementation that is running on a multi-purpose portable computing device (such as a smartphone). If you've ever set up 'two-step verification' with your Google account or turned on the 'code generator' for Facebook, you've used a 2-factor authentication soft token. If you've ever used an RSA SecurID 'key fob' or a Yubikey, you've had firsthand experience with hard tokens."

"Both hard and soft tokens have their advantages and disadvantages. The upside of soft tokens is their convenience. After all, most of us already carry in our pockets a powerful computing device that is more than capable of calculating and displaying 6-digit codes. The downside, though, is that smartphones are consumer-grade, globally networked devices that may or may not be receiving timely security patches," says Konstantin Ryabitsev on Linux.com.

The Linux kernel developers will now have the option to use both of these types of authentication. The hardware 2-factor authentication will be provided with the help of Yubikeys, which are devices that can be plugged into the PC and act as keyboards, sending the proper code to the system.

As it stands right now, both the mainline and stable Linux kernel repositories are already protected by requiring 2-factor authentication before a Git push is accepted. Linux kernel developers have numerous interactions with the repos, so it's good to know that the kernel is protected and that the submission process is to be trusted.