46
How is everyone handling the 2FA requirement for GitHub?
(docs.github.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 05 Jun 2024
46 points (78.0% liked)
Open Source
30371 readers
1459 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
It's fine. The added security is huge
The problem is when they want you to install their TOTP app in order to authenticate (I'm looking at you, steam... fuck off)
I think I'd still prefer to use a 3rd-Party TOTP app but at least Steam's app adds some value by pushing a notification when you login.
Steam is okay in my book because steam was the OG 2FA provider. They forced 2FA on everyone, all the way back in 2007, they took security seriously before anyone else really cared. So, they're grandfathered in.
You can use Steam with a regular third-party TOTP authenticator, here's a guide on how to set it up: https://help.ente.io/auth/migration-guides/steam/
I hate that. I think it’s lazy af.
You can use Steam with a regular third-party TOTP authenticator, here’s a guide on how to set it up: https://help.ente.io/auth/migration-guides/steam/
If you're rooted, Aegis can import the seed from the Steam app then you don't need it anymore.
Oh, that's awesome!
But I don't have root
You may be able to use an older version of the app that allowed ADB backups, and extract the seed from that.
Another approach is to extract it from the Steam desktop app.
No idea what companies think they're accomplishing by using non-standard TOTP apps (that actually do TOTP under the hood). Microsoft do it so they can track your location and report it to managers when you login because it's something that management asks for. Some companies do it so they can lock you into their services. No idea why Steam does it.
There's an easier way: https://help.ente.io/auth/migration-guides/steam/
Thanks, I didn't know about
steamguard-cli. And I was able to import the code into Aegis too (just had to set the type to "Steam" so it would generate 5-letter codes instead of normal TOTP)...You don’t need root. https://help.ente.io/auth/migration-guides/steam/
Thank you!!
You don't even need root. https://help.ente.io/auth/migration-guides/steam/
Exactly. At the end of the day there’s nothing being transmitted with OTP and using a standard app isn’t an issue.
Or like eBay
How's that? I've had TOTP in my github account for over a year, on Aegis, and I have not seen them asking me to do anything else.
GitHub is not an offender right now, but I can easily imagine Microsoft forcing some MS OTP app in the future
Agreed. It would surprise nobody.
I do agree but Steam's app isn't bad. It's great if you use Steam's social features and it makes secure login a total breeze.
It's not that the app is good or bad. It's that you are FORCED to use it when there is no technical reason for that requirement.
Let me reiterate: fuck valve
Sure, I don't disagree, it shouldn't be a requirement but because the app is good and makes the process easy, I don't have a problem with it.