this post was submitted on 05 Jun 2024
46 points (78.0% liked)

Open Source

31698 readers
377 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don't love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don't want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)...

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 6 months ago

Technically true.

You are right, having the password in the same vault does mean that if the vault itself is compromised they have both. Guess I could move the TOTP to a separate authenticator app but the only other apps I have a mobile only and there are times I need to login without having hands on my phone.

I guess the time based aspect of the TOTP makes it a little more resistant to having someone monitor my keystrokes or clipboard or whatever and capture a relatively long lived secret like my password. So I guess its a comprise I'm willing to make.