| General > General Technical Chat |
| How to bypass GitHub's new 'Enable two-factor authentication'. |
| << < (3/14) > >> |
| Shonky:
--- Quote from: RoGeorge on August 16, 2023, 09:48:52 pm --- --- Quote from: Veteran68 on August 16, 2023, 09:22:16 pm ---As others have said, 2FA is going to be unavoidable with most legitimate providers, and it really shouldn't be feared or resisted. --- End quote --- No, it should be optional. --- End quote --- Why? They're providing a service. They want it secure to protect your account and them. You're making a mountain out of a molehill. Bitwarden already essentially autofills. I'm sure other password managers do also. It's really a non issue except for those who want to complain about anything. |
| Veteran68:
--- Quote from: RoGeorge on August 16, 2023, 09:48:52 pm --- --- Quote from: Veteran68 on August 16, 2023, 09:22:16 pm ---As others have said, 2FA is going to be unavoidable with most legitimate providers, and it really shouldn't be feared or resisted. --- End quote --- No, it should be optional. --- End quote --- Well I'll strongly argue that it won't be optional with many providers much longer, and here's why. It isn't just a matter of your own inconvenience and data/financial loss should your account be compromised, it's a huge cost and liability to the service provider. Whether from loss of their own IP data, or customer data leading to loss of customer trust, or infrastructure costs to remediate the breach, or huge fines from laws like GDPR around PII and PCI data, businesses are being forced to take cybersecurity seriously and demonstrate steps to shore up their security, or suffer the consequences. It's now a huge business liability, and the bigger the business, the bigger the risk. GDPR alone can leverage a fine of up to 20M Euro or 4% of gross revenue, whichever is greater, for serious violations. Part of what auditors look for when determining liability is what steps are taken to reduce the security risk. MFA/2FA is one of the easiest ways to do this, that alone takes a lot of risk off the table. It's only a matter of time. My company implemented it a couple of years ago for employee authentications. Due to my profession and online activity I have become so accustomed to MFA that I tend to be surprised when it's not offered, particularly by larger companies. |
| KE5FX:
Yeah, everybody has the same threat model, right. We all work for the NSA now. So where's my SCIF and shoulder holster? |O |
| BrianHG:
--- Quote from: Shonky on August 16, 2023, 10:39:17 pm --- --- Quote from: RoGeorge on August 16, 2023, 09:48:52 pm --- --- Quote from: Veteran68 on August 16, 2023, 09:22:16 pm ---As others have said, 2FA is going to be unavoidable with most legitimate providers, and it really shouldn't be feared or resisted. --- End quote --- No, it should be optional. --- End quote --- Why? They're providing a service. They want it secure to protect your account and them. You're making a mountain out of a molehill. Bitwarden already essentially autofills. I'm sure other password managers do also. It's really a non issue except for those who want to complain about anything. --- End quote --- My choices for 2FA aren't my choice. For example, I couldn't provide a second email address. I basically have to own a cell phone or some kind of device which could scan and understand a QR code. Otherwise, why couldn't my web browser just look at the QR code and provide it's own answer. What if I only have a land line, no cell phone. |
| Shonky:
--- Quote from: BrianHG on August 16, 2023, 11:31:58 pm --- --- Quote from: Shonky on August 16, 2023, 10:39:17 pm --- --- Quote from: RoGeorge on August 16, 2023, 09:48:52 pm --- --- Quote from: Veteran68 on August 16, 2023, 09:22:16 pm ---As others have said, 2FA is going to be unavoidable with most legitimate providers, and it really shouldn't be feared or resisted. --- End quote --- No, it should be optional. --- End quote --- Why? They're providing a service. They want it secure to protect your account and them. You're making a mountain out of a molehill. Bitwarden already essentially autofills. I'm sure other password managers do also. It's really a non issue except for those who want to complain about anything. --- End quote --- My choices for 2FA aren't my choice. For example, I couldn't provide a second email address. I basically have to own a cell phone or some kind of device which could scan and understand a QR code. Otherwise, why couldn't my web browser just look at the QR code and provide it's own answer. What if I only have a land line, no cell phone. --- End quote --- Except what you're complaining about is not how it is at all. You don't need a cell phone, but I bet you have one so you're just arguing for the sake of it. There's even a specific statement right below the QR code that says: "Unable to scan? You can use the setup key to manually configure your authenticator app". Why aren't you complaining because your web browser can't "just look at the QR code and provide it's own answer." Not how 2FA works really but that's beside the point You just want to complain because you don't like it and are happy to ignore what has actually been implemented. |
| Navigation |
| Message Index |
| Next page |
| Previous page |