General > General Technical Chat

How to bypass GitHub's new 'Enable two-factor authentication'.

<< < (5/14) > >>

ejeffrey:

--- Quote from: BrianHG on August 17, 2023, 01:57:33 am ---What's an authenticator app?
Is it something I install on my PC?
Is it something I add to my FireFox browser?

--- End quote ---

TOTP https://en.m.wikipedia.org/wiki/Time-based_one-time_password

It's a standard protocol for generating time limited single use passwords.  If you scroll down to the bottom of the Wikipedia page there is a link to a client comparison page that will tell you what options support what platforms.  There are many available for windows, Linux, MacOS, android, and iPhone.  You can set them up using a QR code or by manually entering a code provided by the server.

After that, when you authenticate it will ask you for a code.  You open the app and type in the number shown.  Someone who snoops the code can't get the next code.


--- Quote ---I will try looking for a windows install of TOTP to see if I can make that work.  But if I need special usb key or PC hardware, that probably wont work as my PC hardware is a decade old.

--- End quote ---

You only need one or the other although GitHub lets you set up multiple authentication options if you want.  The USB security key is just a simple USB device with a touch sensor. Any computer with a USB port will work fine, so pretty much anything from this millennium.  You also need a browser that is not ancient but I think Firefox has supported U2F tokens for ~5 years now.  The advantage of U2F is that the authentication can't be phished, it authenticates your browser directly to the server so it protects against man in the middle / fake login pages.  It's the most secure option but requires special hardware.  It's not terribly expensive but it isn't free.

Shonky:

--- Quote from: Someone on August 17, 2023, 02:25:19 am ---Github are providing many choices to the user, but they don't want to be on the hook for supporting all the possible implementations. I like their approach and it just needs a little line sprinkled through the documentation something like "we're using standard protocols for our 2FA and there are a range of 3rd party solutions for providing the additional authentication"

--- End quote ---
Just on this, in the "Passwords and authentication" tab it says:


--- Quote ---Two-factor authentication
Two-factor authentication adds an additional layer of security to your account by requiring more than just a password to sign in. Learn more about two-factor authentication.

--- End quote ---

And "Learn more about two-factor authentication." links to https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication with plenty of details for options to use. There is a heap of info there with options.

https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication

KE5FX:

--- Quote from: BrianHG on August 17, 2023, 02:59:11 am ---All I have done was create some HDL code to share and post it on a GitHub repository.  I just wanted to share some original code.

--- End quote ---

Do what I still do, just upload it to a static page somewhere.  We don't need no steeeeenkin' SSL or no steeeeeenkin' 2FA.

ixfd64:
Hmm... my GitHub account is not linked to a phone number, and I haven't received such an email. I wonder if this is something that's being gradually rolled out to users.

BrianHG:

--- Quote from: ejeffrey on August 17, 2023, 04:01:54 am --- The USB security key is just a simple USB device with a touch sensor.   It's the most secure option but requires special hardware.  It's not terribly expensive but it isn't free.

--- End quote ---
Are you saying I need to buy some hardware to access GitHub?
I'm beginning to like 'KE5FX's idea except I know I will never get any traffic with some blind web page out there.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod