General > General Technical Chat
How to bypass GitHub's new 'Enable two-factor authentication'.
<< < (5/14) > >>
ejeffrey:

--- Quote from: BrianHG on August 17, 2023, 01:57:33 am ---What's an authenticator app?
Is it something I install on my PC?
Is it something I add to my FireFox browser?

--- End quote ---

TOTP https://en.m.wikipedia.org/wiki/Time-based_one-time_password

It's a standard protocol for generating time limited single use passwords.  If you scroll down to the bottom of the Wikipedia page there is a link to a client comparison page that will tell you what options support what platforms.  There are many available for windows, Linux, MacOS, android, and iPhone.  You can set them up using a QR code or by manually entering a code provided by the server.

After that, when you authenticate it will ask you for a code.  You open the app and type in the number shown.  Someone who snoops the code can't get the next code.


--- Quote ---I will try looking for a windows install of TOTP to see if I can make that work.  But if I need special usb key or PC hardware, that probably wont work as my PC hardware is a decade old.

--- End quote ---

You only need one or the other although GitHub lets you set up multiple authentication options if you want.  The USB security key is just a simple USB device with a touch sensor. Any computer with a USB port will work fine, so pretty much anything from this millennium.  You also need a browser that is not ancient but I think Firefox has supported U2F tokens for ~5 years now.  The advantage of U2F is that the authentication can't be phished, it authenticates your browser directly to the server so it protects against man in the middle / fake login pages.  It's the most secure option but requires special hardware.  It's not terribly expensive but it isn't free.
Shonky:

--- Quote from: Someone on August 17, 2023, 02:25:19 am ---Github are providing many choices to the user, but they don't want to be on the hook for supporting all the possible implementations. I like their approach and it just needs a little line sprinkled through the documentation something like "we're using standard protocols for our 2FA and there are a range of 3rd party solutions for providing the additional authentication"

--- End quote ---
Just on this, in the "Passwords and authentication" tab it says:


--- Quote ---Two-factor authentication
Two-factor authentication adds an additional layer of security to your account by requiring more than just a password to sign in. Learn more about two-factor authentication.

--- End quote ---

And "Learn more about two-factor authentication." links to https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication with plenty of details for options to use. There is a heap of info there with options.

https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication
KE5FX:

--- Quote from: BrianHG on August 17, 2023, 02:59:11 am ---All I have done was create some HDL code to share and post it on a GitHub repository.  I just wanted to share some original code.

--- End quote ---

Do what I still do, just upload it to a static page somewhere.  We don't need no steeeeenkin' SSL or no steeeeeenkin' 2FA.

ixfd64:
Hmm... my GitHub account is not linked to a phone number, and I haven't received such an email. I wonder if this is something that's being gradually rolled out to users.
BrianHG:

--- Quote from: ejeffrey on August 17, 2023, 04:01:54 am --- The USB security key is just a simple USB device with a touch sensor.   It's the most secure option but requires special hardware.  It's not terribly expensive but it isn't free.

--- End quote ---
Are you saying I need to buy some hardware to access GitHub?
I'm beginning to like 'KE5FX's idea except I know I will never get any traffic with some blind web page out there.
Navigation
Message Index
Next page
Previous page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod