50
How is everyone handling the 2FA requirement for GitHub?
(docs.github.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 05 Jun 2024
50 points (79.1% liked)
Open Source
31223 readers
280 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
SMS 2FA is still better than no 2FA.
Not if the org uses SMS auth as a recover method for your "lost" password
Also putting a phone number into a DB means the attackers who dump the DB now have a very effective way to phish or exploit you with a large attack surface.
I generally don't let my team enter phone numbers into their account data.
But it should be the last resort. It makes sense why it's being phased out
Unfortunately many banks still require it and have no other methods available. I tried to reason with my bank about it but they just do not care.
Well we could be using passkeys right now if Big Tech weren't trying to tie them to their own platforms! 🤷