Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don’t love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don’t want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)…

  • Scrubbles@poptalk.scrubbles.tech
    link
    fedilink
    English
    arrow-up
    67
    arrow-down
    1
    ·
    6 months ago

    SMS is the least secure form of 2FA, and sim swaps are a very real thing. Whatever you’re issues with 2FA apps are, I can 100% say that you should be more concerned about actors getting access to your account.

    And this isn’t just GitHub. You should be using a 2FA app for allllll of your services. Breaches are a daily thing, your passwords are online and are available. 2FA may be the only thing defending you right now, and SMS 2fa or email 2fa I wouldn’t trust.

    • peregus@lemmy.world
      link
      fedilink
      arrow-up
      12
      ·
      edit-2
      6 months ago

      Totally agree! 2FA on all the accounts that support it avoiding SMS. And different passwords (complex, auto generated by a password manager) for each single account. I may be paranoid, but I also use a different email alias (SimpleLogin) for every single account! 😆

      • nrbray@lemmy.ml
        link
        fedilink
        arrow-up
        5
        ·
        6 months ago

        same, a simple habit that is secure, I use it always with maximum privacy. One day you will be in a rush, under stress, affected by age, and use your old habits with a valuable asset…