2FA

[Rockyread]

Select Topic Area

Product Feedback

Body

The mandatory 2FA requirement of GitHub violates essential Human Rights.
It forces me to buy products I do not wish to buy.
It impairs free speech.
It excludes older people from participating.
There must be other more liberal ways of contributing code to the world.

[mehulrajdev]

Two-factor authentication does not impact free speech in any way. It's merely an additional security measure to ensure the rightful owner is accessing the account.

The exclusion of older people is indeed a valid concern. However, it's not so much the 2FA that's excluding, but rather the broader issue of digital literacy among the older population. Efforts can be made to educate and assist them in navigating these security measures.

[Anpanator]

They do not require a phone. You can use TOTP on your PC. If it's the same PC as the one with repo access, however, the security gain is... questionable.

My main gripe is that they don't allow all 2FA methods as primary methods (e.g. Security Keys), so I'll most likely be migrating elsewhere by the end of the month.

[technik]

This is not an answer, it's just corporate BS for "yeah, we already made our minds, so we couldn't care less what you say".

[patrickbnu]

Or when you want to use your phone number but your country (Brazil) ins't listed to send a sms?

[wa7jos]

You can take your 2FA and shove it where the sun don't shine! I only have ONE project archived and it can sit there forever - I don't care.
The only reason I HAVE a cell phone is so I can do 2FA at other sites, which I find cumbersome and intrusive. Not interested in more of the same.

[SirFalc0n]

2FA is gutter trash and so is whatever idiot thought it was a good idea. It should be an option, not a requirement. Down with github.

[ghost]

I will not give you my phone number to host my projects, nor will i install an app on my phone. If you're telling me I won't be able to take account actions at a certain date, as in deleting my account, Just delete it now.

intrusive, unnecessary

[ghost]

"An additional security measure to ensure the rightful owner is accessing the account. That is being forced down everyone's throat whether they want it or not, Or be restricted from account actions"

I wont be played with, whatever you stand to gain enough to "REQUIRE" it over offering it as an optional security measure

[ghost]

I just wanted to stop in and say "Fuck you" to any in fact all of the people who thought forcing this shit on everybody was a good idea.
You can burn in hell right along with the fucks that thought "It isn't enough to just allow symbols in passwords, we require them"

[jmcunx]

The only option that will work for me is 2FA via email as suggested by RealSuperRyn. That is because I never give my Cell Phone Number out plus I will not by hardware for the other options.

So, unless email 2FA option is not available, I will stop using github. I already copied my projects elsewhere to see how that works. If the email option is not allowed, I will delete my ID from github on Oct 11.

[omendezmorales]

Hello,
I setup 2FA twice in my authenticator app, and now github is showing me an error when I use the code provided by authenticator:

Is there a fix for this ? Thanks,

[zaher]

Happened to me too, failed to auth, i used Google Auth, MS Auth and FreeOTP

[omendezmorales]

After clicking here and there, I managed to fix it> my Google authenticator needed to be resynchronized, as explained on My Google Authenticator codes don’t work. After that, the codes generated worked again :-)

[twome]

Wow, it "failed", what an incredibly useful error message. Top-echelon user interface design from Microsoft, as usual.

[GuillermoFA]

:D

[kikfox]

Github's 2FA is nothing to do with "security" blah blah ... they just want to track you ! They already implemented Geofencing and "Shadow Banning Users" .

[n1kdo]

This is completely useless.

[rsv-code]

When is it enough? 2, 3, 4 factor, face scan ... Instead of inconveniencing and annoying users by mandating a hack on top of an already broken system maybe github should participate in a better solution.

[r57zone]

After scanning the face, they will want to scan the ass, all for safety.

[r57zone]

Totally support, whoever wants to let them use 2FA, whoever doesn't want to give the option to not use it.

[Petschko]

I will not use it! Bye github, block me i dont care, then i host my stuff somewhere else lol~

[tradesouthwest]

Now that Microshaft owns github; it will forever be running commercial logic on all assets. Ads are probably next but I think they are more interested in stealing Open source work that is done by the Open source Community---for profit---rather than keeping it Open source.

This is obviously what is happening. WANTING (requiring) my phone number is just proof of this sham.

[r57zone]

Microsoft is destroying another product, a worthless policy of stupid people. They don't care about security, they want to force developers to use this 2FA shit apps.
I wish Microsoft bankruptcy.

[metux]

I've written a script to run it all on my local machine:

https://gist.github.com/metux/ce43da58d9759019a0fbf4d25ccb1b00

Since quite recently, the QR image decoding isn't really needed anymore, since github added a link to show the raw key on setup.

[Iron-E]

You saved me a lot of time in avoiding having to port over my repos to GitLab. Thank you.

[howtophil]

The bottom line, 2FA is unnecessary. It does not prove I am me any better than my private key does. It creates impediments to using github. It opens additional software supply-chain vulnerabilities for all users now forced to incorporate another app, or extension with automatic-updates into their computing environment. The "Authenticator" recommended on the 2FA start page uses npm of all things to pull in yet more build requirements. Another "Glass Castle" of software built on "Clay Feet". There are always alternatives to github.

The admins marked anything negative as "disruptive" because they know 2FA is bullshit

[csyezheng]

I made a command line tool to generate and verify one-time passwords. It is no phone required and is easy to use.

Add security key for the first time

a2fa add [flags] <account name> <secret key>

Every time you need generates an authentication code, just run the following command:

a2fa list

a2fa’s github repository:
https://github.com/csyezheng/a2fa

[ghost]

My main account just got sent to limbo after activating 2FA
https://github.com/orgs/community/discussions/73451

[howtophil]

Exactly.

…

On Mon, Dec 11, 2023 at 4:13 PM Carmelo Fernandez-Aguera < ***@***.***> wrote: This is not an answer, it's just corporate BS for "yeah, we already made our minds, so we couldn't care less what you say". — Reply to this email directly, view it on GitHub <#63784 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAMVH3KQKSYCT73LGPSQ2WDYI5ZOFAVCNFSM6AAAAAA3Q2CDA2VHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM3TQMRUGM4DK> . You are receiving this because you commented.Message ID: ***@***.***>

-- Phillip J Rhoades HowToPhil.com KE8GGD

[naourass]

Either support SMS 2FA for all countries, or provide your own Authenticator App / Browser Extension. I'm not going to use a third party for authenticating to Github, and you don't have SMS support for my country. I'm really confused and I may jump ship.