How is everyone handling the 2FA requirement for GitHub?
docs.github.com
Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don't love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don't want to give them my phone number just to log in.
Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)...
You are viewing a single comment
It's fine. The added security is huge
The problem is when they want you to install their TOTP app in order to authenticate (I'm looking at you, steam... fuck off)
I think I'd still prefer to use a 3rd-Party TOTP app but at least Steam's app adds some value by pushing a notification when you login.
Steam is okay in my book because steam was the OG 2FA provider. They forced 2FA on everyone, all the way back in 2007, they took security seriously before anyone else really cared. So, they're grandfathered in.
You can use Steam with a regular third-party TOTP authenticator, here's a guide on how to set it up: https://help.ente.io/auth/migration-guides/steam/
I hate that. I think itโs lazy af.
You can use Steam with a regular third-party TOTP authenticator, hereโs a guide on how to set it up: https://help.ente.io/auth/migration-guides/steam/
Exactly. At the end of the day thereโs nothing being transmitted with OTP and using a standard app isnโt an issue.
If you're rooted, Aegis can import the seed from the Steam app then you don't need it anymore.
Oh, that's awesome!
But I don't have root
You may be able to use an older version of the app that allowed ADB backups, and extract the seed from that.
Another approach is to extract it from the Steam desktop app.
No idea what companies think they're accomplishing by using non-standard TOTP apps (that actually do TOTP under the hood). Microsoft do it so they can track your location and report it to managers when you login because it's something that management asks for. Some companies do it so they can lock you into their services. No idea why Steam does it.
There's an easier way: https://help.ente.io/auth/migration-guides/steam/
Thanks, I didn't know about
steamguard-cli. And I was able to import the code into Aegis too (just had to set the type to "Steam" so it would generate 5-letter codes instead of normal TOTP)...You donโt need root. https://help.ente.io/auth/migration-guides/steam/
Thank you!!
You don't even need root. https://help.ente.io/auth/migration-guides/steam/
Or like eBay
How's that? I've had TOTP in my github account for over a year, on Aegis, and I have not seen them asking me to do anything else.
GitHub is not an offender right now, but I can easily imagine Microsoft forcing some MS OTP app in the future
Agreed. It would surprise nobody.
You can use it with a regular TOTP app, just like with Steam (but it requires some additional setup: https://help.ente.io/auth/migration-guides/steam/)