Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don’t love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don’t want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)…

    • delirious_owl@discuss.online
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      7 months ago

      Not if the org uses SMS auth as a recover method for your “lost” password

      Also putting a phone number into a DB means the attackers who dump the DB now have a very effective way to phish or exploit you with a large attack surface.

      I generally don’t let my team enter phone numbers into their account data.

      • refalo@programming.dev
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        Unfortunately many banks still require it and have no other methods available. I tried to reason with my bank about it but they just do not care.

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        Well we could be using passkeys right now if Big Tech weren’t trying to tie them to their own platforms! 🤷