| General > General Technical Chat |
| How to bypass GitHub's new 'Enable two-factor authentication'. |
| << < (4/14) > >> |
| BrianHG:
--- Quote from: Shonky on August 16, 2023, 11:37:52 pm --- --- Quote from: BrianHG on August 16, 2023, 11:31:58 pm --- --- Quote from: Shonky on August 16, 2023, 10:39:17 pm --- --- Quote from: RoGeorge on August 16, 2023, 09:48:52 pm --- --- Quote from: Veteran68 on August 16, 2023, 09:22:16 pm ---As others have said, 2FA is going to be unavoidable with most legitimate providers, and it really shouldn't be feared or resisted. --- End quote --- No, it should be optional. --- End quote --- Why? They're providing a service. They want it secure to protect your account and them. You're making a mountain out of a molehill. Bitwarden already essentially autofills. I'm sure other password managers do also. It's really a non issue except for those who want to complain about anything. --- End quote --- My choices for 2FA aren't my choice. For example, I couldn't provide a second email address. I basically have to own a cell phone or some kind of device which could scan and understand a QR code. Otherwise, why couldn't my web browser just look at the QR code and provide it's own answer. What if I only have a land line, no cell phone. --- End quote --- Except what you're complaining about is not how it is at all. You don't need a cell phone, but I bet you have one so you're just arguing for the sake of it. --- End quote --- I do have a private old no-app style cell phone for family emergencies, and it is not always with me. --- Quote ---There's even a specific statement right below the QR code that says: "Unable to scan? You can use the setup key to manually configure your authenticator app". --- End quote --- What's an authenticator app? Is it something I install on my PC? Is it something I add to my FireFox browser? --- Quote ---Why aren't you complaining because your web browser can't "just look at the QR code and provide it's own answer." Not how 2FA works really but that's beside the point You just want to complain because you don't like it and are happy to ignore what has actually been implemented. --- End quote --- No, I just not complaining. I just want a solution where I can make my PC log into GitHub as I do now. I don't mind working with a window's software install as long as it's nothing like a few 1's of megabytes or more to log in, but this is getting silly. I will try looking for a windows install of TOTP to see if I can make that work. But if I need special usb key or PC hardware, that probably wont work as my PC hardware is a decade old. |
| Peabody:
I downloaded WinAuth specifically for use at Github. It's a Windows desktop app. I was told it could be used at Github without a phone, but haven't actually tried it yet. |
| Someone:
--- Quote from: Shonky on August 16, 2023, 11:37:52 pm ---Except what you're complaining about is not how it is at all. You don't need a cell phone, but I bet you have one so you're just arguing for the sake of it. There's even a specific statement right below the QR code that says: "Unable to scan? You can use the setup key to manually configure your authenticator app". --- End quote --- I can see both sides to this. Github (as with most platforms deploying 2FA) make the assumption that 99.9% of end users will prefer to use their mobile phone and install an app for the 2FA. All their language and guides tell the user this is the way to do it. Nowhere that I have seen in the Github documentation is there any mention that "when we say app, there is also a range of desktop software that can do the job too". so the confusion for someone (such as BrianHG) who cant/won't use a phone, and isn't familiar with 2FA seems reasonable here Github are providing many choices to the user, but they don't want to be on the hook for supporting all the possible implementations. I like their approach and it just needs a little line sprinkled through the documentation something like "we're using standard protocols for our 2FA and there are a range of 3rd party solutions for providing the additional authentication" |
| Shonky:
--- Quote ---What's an authenticator app? Is it something I install on my PC? Is it something I add to my FireFox browser? --- End quote --- Did you kick up a similar fuss when git became the version control of choice? What's git? What's a rebase? What's a push? You're being completely inflexible just because you don't like something IMO. I really do not think it unreasonable for someone using a service like Github to have the ability to understand a 2 factor authentication method. You know how to use Google right? Windows TOTP or Windows 2FA gives numerous options And frankly the SMS method you're railing against is the option for those that don't want to use an authenticator app or in your case has a complete lack of knowledge on the subject and an apparent unwillingness to even try and learn. And whilst it is absolutely better than nothing, it has its own risks. There are four different 2FA methods in Github - auth app, SMS, security key or Github app. Based on your current stance you should stop using Github and find another free service. |
| BrianHG:
--- Quote from: Shonky on August 17, 2023, 02:54:18 am --- --- Quote ---What's an authenticator app? Is it something I install on my PC? Is it something I add to my FireFox browser? --- End quote --- What's a rebase? What's a push? --- End quote --- Actually I still do not know what is a rebase or what a push does. Whan I google for an answer, I get meaningless drab. All I have done was create some HDL code to share and post it on a GitHub repository. I just wanted to share some original code. |
| Navigation |
| Message Index |
| Next page |
| Previous page |