Configuring two-factor authentication - GitHub Docs
docs.github.com
You can choose among multiple options to add a second source of authentication to your account.

Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don’t love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don’t want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)…

  • Jayjader@jlai.lu
    11·
    24 days ago

    I already use pass (“the unix password manager”) and there’s a pretty decent extension that lets it handle 2fa: https://github.com/tadfisher/pass-otp

    Worth noting that this somewhat defeats the purpose of 2fa if you put your GitHub password in the same store as the one used for otp. Nevertheless, this let’s me sign on to 2fa services from the command line without purchasing a USB dongle or needing a smartphone on-hand.

    • vvv@programming.dev
      7·
      24 days ago

      Your two factors shift to possession of your password vault + knowledge of the password to it. You’re okay IMO.

      You also still get the anti-replay benefits of the OTPs, though that might be a bit moot with TLS everywhere.

      • Jayjader@jlai.lu
        3·
        24 days ago

        You’re right, I should have been more specific.

        If you’re already storing your password using pass, you aren’t getting 3 factors with pass-otp unless you store the otp generation into a separate store.

        For services like GitHub that mandate using an otp, it’s convenient without being an effective loss of 2fa to store everything together.