this post was submitted on 05 Jun 2024
49 points (78.8% liked)

Open Source

28953 readers
304 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 4 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
49
How is everyone handling the 2FA requirement for GitHub? (docs.github.com)
submitted 4 weeks ago* (last edited 4 weeks ago) by StorageB@lemmy.one to c/opensource@lemmy.ml
127 comments fedilink hide all child comments
 

Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don't love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don't want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)...

you are viewing a single comment's thread
view the rest of the comments
[โ€“] LucidDaemon@lemmy.world 18 points 4 weeks ago (1 children)

Yubikey, but thats just a personal preference. A password manager works just as well.

[โ€“] kevincox@lemmy.ml 1 points 3 weeks ago

The problem with Yubikey is that it doesn't have a good enough management story for broad use. I do use it for a few core sites (like GitHub) but if I lose a key I need to get a replacement and register that replacement with every site I have set up U2F 2FA on. This is ok with a few core accounts but doesn't scale to the hundreds of sites that I have an account with. I am sure to miss a few and then either I can't log in with the new key or get completely locked out when I lose that key and get a second replacement.