this post was submitted on 05 Jun 2024
50 points (79.1% liked)

Open Source

31223 readers
277 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
50
How is everyone handling the 2FA requirement for GitHub? (docs.github.com)
submitted 5 months ago* (last edited 5 months ago) by StorageB@lemmy.one to c/opensource@lemmy.ml
127 comments fedilink hide all child comments
 

Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don't love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don't want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)...

(page 2) 50 comments
sorted by: hot top controversial new old
[–] ultratiem@lemmy.ca 3 points 5 months ago* (last edited 5 months ago)

iCloud Keychain. Has the ability to store 2FA codes and pull them up automatically. GitHub also supports passkeys so most times I just log in with my biometrics or user pass and don’t have to worry about the added layer.

I’m fine with regular 2FA. What I can’t abide is having to use proprietary apps, like Blizzard’s battle net. Steam too.

Passkeys are the future but still a ways off.

Wild tho that you don’t have any other accounts needing 2FA? That’s scary to me as that added security goes a long ass way in regards to hardening your secuity.

[–] WormFood@lemmy.world 3 points 5 months ago

last time I signed into my Microsoft 365 account for work I got two separate 2fa prompts and two captchas, it was like being in an episode of the crystal maze. the mere act of signing into something is now tedious and difficult

[–] flumph@programming.dev 3 points 5 months ago

2FAS is open source and doesn't have a cloud presence to store data. You can use it to add 2FA to your other services as well.

[–] Deckweiss@lemmy.world 3 points 5 months ago* (last edited 5 months ago)

I deleted my github account because fuck microsoft. Open source should not be hosted on their servers.

In regards to forced 2fa, as I don't need it on my projects, there would be literally nothing lost if somebody gets into my account.

Just for the convenience I moved them to my selfhosted forgejo and mirroring to sr.ht as a backup.

[–] isVeryLoud@lemmy.ca 2 points 5 months ago

ITT: People who think they know better than security researchers

load more comments
view more: ‹ prev next ›