2 factor authentication is not about security. It is about forcing open source developers to identify themselves by providing a phone number or other similar information.
Do not use GitHub. Microsoft corrupted it.
Please stop sharing inaccurate information
There are many 2FA options, and you never need to add a phone number to your account if you don’t want to
This also is not entirely accurate. I checked the options, and only two exist: SMS or authenticator app. Both phone based.
Mobile phones are the least secure device that you are likely to own, so using them as authenticators is unwise.
This isn’t entirely true. The authenticator app option works with any OTP client. In fact, I’m storing my GitHub 2FA token inside of a KeePassXC database! You could also store it in something like password-store’s pass-otp and let your client of choice handle it.
Okay, you got me stumped here
Either I added my 3x Yubikey security keys prior to that feature being taken away, or there’s a bug, or there’s some condition that has to be met before you can add security keys to your account: are you using a compatible web browser (e.g. recent Firefox), and have you downloaded/viewed/printed your recovery codes?
Un-nuanced absolutist statements like this grind my gears a little, haha
SMS is plain-text, and codes from the authenticator apps (and possibly also the GitHub Mobile app) can be phished, so in this regard I agree that the security key option offers the strongest safety/privacy, but those other phone options are still better than nothing for the majority of users
As far as devices I own, the only TV I could buy here was one running Android 10 without any software updates in the last 2 years. I feel I can confidently state that the TV is less secure than the phone I bought this year with an OS patch from this month.
I’m not installing a Microsoft app either. How is that any better?
You don’t need to use the GitHub mobile app if you don’t want to
Any of these can also be used (for example):