How to bypass GitHub's new 'Enable two-factor authentication'.
ejeffrey:
--- Quote from: BrianHG on August 17, 2023, 01:57:33 am ---What's an authenticator app?
Is it something I install on my PC?
Is it something I add to my FireFox browser?
--- End quote ---
TOTP https://en.m.wikipedia.org/wiki/Time-based_one-time_password
It's a standard protocol for generating time-limited, single-use passwords. If you scroll down to the bottom of the Wikipedia page there is a link to a client comparison page that will tell you what options support what platforms. There are many available for Windows, Linux, MacOS, Android, and iPhone. You can set them up using a QR code or by manually entering a code provided by the server.
After that, when you authenticate it will ask you for a code. You open the app and type in the number shown. Someone who snoops the code can't get the next code.
--- Quote ---I will try looking for a Windows install of TOTP to see if I can make that work. But if I need a special USB key or PC hardware, that probably won't work as my PC hardware is a decade old.
--- End quote ---
You only need one or the other although GitHub lets you set up multiple authentication options if you want. The USB security key is just a simple USB device with a touch sensor. Any computer with a USB port will work fine, so pretty much anything from this millennium. You also need a browser that is not ancient but I think Firefox has supported U2F tokens for ~5 years now. The advantage of U2F is that the authentication can't be phished, it authenticates your browser directly to the server so it protects against man in the middle / fake login pages. It's the most secure option but requires special hardware. It's not terribly expensive but it isn't free.
Shonky:
--- Quote from: Someone on August 17, 2023, 02:25:19 am ---GitHub are providing many choices to the user, but they don't want to be on the hook for supporting all the possible implementations. I like their approach and it just needs a little line sprinkled through the documentation something like "we're using standard protocols for our 2FA and there are a range of 3rd party solutions for providing the additional authentication"
--- End quote ---
Just on this, in the "Passwords and authentication" tab it says:
--- Quote ---Two-factor authentication
Two-factor authentication adds an additional layer of security to your account by requiring more than just a password to sign in. Learn more about two-factor authentication.
--- End quote ---
And "Learn more about two-factor authentication." links to https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication with plenty of details for options to use. There is a heap of info there with options.
https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication
KE5FX:
--- Quote from: BrianHG on August 17, 2023, 02:59:11 am ---All I have done was create some HDL code to share and post it on a GitHub repository. I just wanted to share some original code.
--- End quote ---
Do what I still do, just upload it to a static page somewhere. We don't need no steeeeenkin' SSL or no steeeeeenkin' 2FA.
ixfd64:
Hmm... my GitHub account is not linked to a phone number, and I haven't received such an email. I wonder if this is something that's being gradually rolled out to users.
BrianHG:
--- Quote from: ejeffrey on August 17, 2023, 04:01:54 am --- The USB security key is just a simple USB device with a touch sensor. It's the most secure option but requires special hardware. It's not terribly expensive but it isn't free.
--- End quote ---
Are you saying I need to buy some hardware to access GitHub?
I'm beginning to like 'KE5FX's idea except I know I will never get any traffic with some blind web page out there.