On March 13, we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Read on to learn about what the process entails and how you can help secure the software supply chain with 2FA.
I don’t like how a lot of things require their own custom app, especially when there’s no automatic notification. I need to try and remember what the app is called, open it, navigate through, then approve it
I like the app setup rather than shoving everything into a browser. But I’m not a fan of this 2fa stuff. I get the point is security, but let me decide which app/method to use, and whether I want to use it at all. Otherwise it’s just annoying.
I’m absolutely a fan of choosing which method to use, and also a fan of requiring choosing one. I prefer Google Authenticator-style 2FA (I use Aegis, but there are plenty of options), and I get annoyed when I need something else (e.g. Fidelity only offers Symantec, Steam only offers Steam Guard, etc).
1password does this, too and it’s magical. I’ve had my SMS go to my browser via Google Messages for a while, but it’s so much easier to just auto-fill it instead of copy/paste
…through a third-party cloud server that you have no good reason to trust. No bueno. Keep sensitive information off the cloud unless you want it to become public.
yup, that’s the tradeoff, this or reaching for your procrastinating device, but yeah, maybe Bitwarden could be better alternative, now i’m too lazy to migrate + it’s paid
2FA is the biggest bane to my productivity in the last 15 years, no part of my work life should require me to pull out my magic distraction device.
I don’t like how a lot of things require their own custom app, especially when there’s no automatic notification. I need to try and remember what the app is called, open it, navigate through, then approve it
I like the app setup rather than shoving everything into a browser. But I’m not a fan of this 2fa stuff. I get the point is security, but let me decide which app/method to use, and whether I want to use it at all. Otherwise it’s just annoying.
I’m absolutely a fan of choosing which method to use, and also a fan of requiring choosing one. I prefer Google Authenticator-style 2FA (I use Aegis, but there are plenty of options), and I get annoyed when I need something else (e.g. Fidelity only offers Symantec, Steam only offers Steam Guard, etc).
Get a desktop auth app. Bitwarden lets you autofill 2fa as well as password.
1password does this, too and it’s magical. I’ve had my SMS go to my browser via Google Messages for a while, but it’s so much easier to just auto-fill it instead of copy/paste
Also, 1password logs you out when you stare at it wrong, so I’m not worried about someone who would somehow get local access abusing it.
That’s bad advice
Allowing a smartphone access to anything sensitive is even worse advice. Smartphones are notoriously insecure.
You’re right. Dont grant your smartphone access to your GitHub. Just give it one factor.
Authy has a desktop app and syncing across devices
…through a third-party cloud server that you have no good reason to trust. No bueno. Keep sensitive information off the cloud unless you want it to become public.
yup, that’s the tradeoff, this or reaching for your procrastinating device, but yeah, maybe Bitwarden could be better alternative, now i’m too lazy to migrate + it’s paid
KeePassXC seems reputable, so I guess I’ll try to use that when the time comes.