How to bypass GitHub's new 'Enable two-factor authentication'.
Halcyon:

--- Quote from: RoGeorge on August 16, 2023, 09:48:52 pm ---
--- Quote from: Veteran68 on August 16, 2023, 09:22:16 pm ---As others have said, 2FA is going to be unavoidable with most legitimate providers, and it really shouldn't be feared or resisted.
--- End quote ---

No, it should be optional.

--- End quote ---

Why?

It's there to protect you and your account. Cyber attacks are getting increasingly sophisticated and ultimately, people are lazy and use recycled, weak or compromised passwords all the time. Whilst you might use a strong password, that doesn't mean that it can't be compromised in a data breach.

People should embrace multifactor authentication as it's here to stay. Its implementation is as difficult as you make it. For me, I use Bitwarden both on my PC and my phone, so I always have my TOTP codes with me, which is tied to my Yubikey that's always in my pocket (or nearby).
PlainName:

--- Quote ---It's there to protect you and your account.
--- End quote ---

Do you log into your PC? I don't mean do you have a password set up, but do you have to manually enter it every time you go to your PC? I recall that once upon a time at least one Linux distro enforced that, but even they succumbed to allowing auto logon.

Now we're in a highly connected world with IoT providers tunnelling on the LAN, how is that really different to the cloud? There's even more risk here since someone could just not hack and physically sit at the machine.


--- Quote ---People should embrace multifactor authentication as it's here to stay
--- End quote ---

You'll change your mind when you have to do 2FA instead of swiping to access your phone :)
madires:
Unfortunately, not everyone is grown up and is able to assess the risks. So someone tries to help (or force) those experts to follow best current practice. If a widely used library is affected you'll have a nice supply attack wreaking havoc.
Halcyon:

--- Quote from: PlainName on August 17, 2023, 10:08:01 pm ---
--- Quote ---It's there to protect you and your account.
--- End quote ---

Do you log into your PC? I don't mean do you have a password set up, but do you have to manually enter it every time you go to your PC? I recall that once upon a time at least one Linux distro enforced that, but even they succumbed to allowing auto logon.

Now we're in a highly connected world with IoT providers tunnelling on the LAN, how is that really different to the cloud? There's even more risk here since someone could just not hack and physically sit at the machine.


--- Quote ---People should embrace multifactor authentication as it's here to stay
--- End quote ---

You'll change your mind when you have to do 2FA instead of swiping to access your phone :)

--- End quote ---

Yes, I log in to my PC manually every time I sit down at the chair. It takes 2 seconds. Even when I'm switching between users, I enter the password each time.

As for TOTP codes, even on my phone Bitwarden automatically copies them to clipboard for me when I'm logging into a site/service that requires it. It's extremely simple to use and doesn't require swapping between applications.
PlainName:

--- Quote from: Halcyon on August 17, 2023, 10:23:30 pm ---Bitwarden

--- End quote ---

Great that it works for you. It won't for me because it's online and doesn't support Windows 7. I have no desire to swap my open source existing solution for another more onerous open source solution, just as you no doubt wouldn't want to use some of the stuff that I would rave about.

[And TOTP is a paid option, and even self-hosting requires online license download. Fail to pay, no more Bitwarden for you. No thanks - I want secure password store, not reliant on some paid cloud thing.]