Configuring two-factor authentication - GitHub Docs
docs.github.com
You can choose among multiple options to add a second source of authentication to your account.

Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don’t love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don’t want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)…

  • @Dymonika@beehaw.org
    1027 days ago

    I don’t love the idea of having an authenticator app installed on my phone

    For anything? Why not? Surely you don’t believe SMS-based TOTP is safer, right?

    • @delirious_owl
      226 days ago

      Wut. TOTP doesn’t involve sending an OTP. That’s the point.

      “SMS-based TOTP” is a nonsensical phrase

      • @Dymonika@beehaw.org
        326 days ago

        “Time-based One-Time Password” literally says nothing about the delivery method. Who said it can’t involve remote sending?

        And what would you call it, then, SOTP?

        Anyway, regardless of the terminology-nitpicking, my point still stands.

        • @delirious_owl
          225 days ago

          The point of being time based is to not send it. That’s the whole point. To avoid that vecotor of attack.

          • @Dymonika@beehaw.org
            225 days ago

            Do you think the SMS codes are not time-based on the companies’ ends? How are they deriving the digits, then?

                • @delirious_owl
                  224 days ago

                  Best practice for a cryptographic nonce is to generate them randomly every time