Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don’t love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don’t want to give them my phone number just to log in.
Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)…
Do you think the SMS codes are not time-based on the companies’ ends? How are they deriving the digits, then?
They are not time based, correct.
Interesting, I didn’t know that. So how do they derive the digits?
Best practice for a cryptographic nonce is to generate them randomly every time