this post was submitted on 05 Jun 2024
44 points (76.8% liked)

Open Source

31060 readers
590 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don't love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don't want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)...

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 7 points 5 months ago* (last edited 5 months ago) (1 children)

Your two factors shift to possession of your password vault + knowledge of the password to it. You're okay IMO.

You also still get the anti-replay benefits of the OTPs, though that might be a bit moot with TLS everywhere.

[โ€“] [email protected] 3 points 5 months ago

You're right, I should have been more specific.

If you're already storing your password using pass, you aren't getting 3 factors with pass-otp unless you store the otp generation into a separate store.

For services like GitHub that mandate using an otp, it's convenient without being an effective loss of 2fa to store everything together.