Technology
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
view the rest of the comments
Too many people were making poor choices. When there's an incident of an account that should have been secured but wasn't getting compromised, that's bad for the platform, ecosystem, and community. This is just another level beyond not allowing you to set a password of "password"
Yep. If people care about supply chain attacks or so, just add features that allow only commits from accounts with 2FA to certain repositories.
At least you should be able to use your local password manager as well if you don't care about keeping your 2fa on separate hardware. KeePass 2, KeePassXC, Bitwarden, ...
Github supports totp and Bitwarden, at least, can store that.
Bitwarden has 2FA (for paid tier, like $10/year). I don't consider it "real" 2FA, but it's more secure than just a password, and super quick to copy code using browser addon. Useful for certain sites, that don't stay logged in, require every time, etc.
Just use a YubiKey and keep it plugged in
Probably just someone at Microsoft trying to get promoted.
they want your phone number so they can track you.
how would they track you?
The reason they want a phone number is, that it's a relatively cheap way to ensure people not signing up bots galore, as getting phone numbers en masse is a lot harder than getting email accounts
phone numbers are typically tied to your name/identity, and phone companies can locate you using their towers and such. Giving a company your phone number is identical to giving a company your full legal name and address.
me giving, let's say, twitch my phone number gives them exactly 0 ways of tracking me in any way whatsoever
Source: worked for a mobile company
First part is not quite true, varies by country.
Second part is full on Olympic mental gymnastics
yeah, no idea why you're getting downvoted, it's clear why companies are so eagerly embracing and requiring 2FA -- if the benefits were only for the consumers, it wouldn't be mandated anywhere near this quickly. but when they know they get a real human phone tied to every account, that's a huge motivation