Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don’t love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don’t want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)…

  • delirious_owl
    link
    fedilink
    arrow-up
    2
    ·
    7 months ago

    Wut. TOTP doesn’t involve sending an OTP. That’s the point.

    “SMS-based TOTP” is a nonsensical phrase

    • Dymonika@beehaw.org
      link
      fedilink
      arrow-up
      3
      ·
      7 months ago

      “Time-based One-Time Password” literally says nothing about the delivery method. Who said it can’t involve remote sending?

      And what would you call it, then, SOTP?

      Anyway, regardless of the terminology-nitpicking, my point still stands.

      • delirious_owl
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        The point of being time based is to not send it. That’s the whole point. To avoid that vecotor of attack.