How to bypass GitHub's new 'Enable two-factor authentication'.
PlainName:
What in 'TOTP' doesn't mean 'TOTP'?
Well, whatever. I tried to work it out, even went into the manual which is where I found that a local server install (yuk, no thanks - standalone app is read only, so if your server goes...) still requires a license download. You will probably say it doesn't say that or says it in a different way to what it says. :-//
Shonky:
You don't run their server. Don't know about the read only bit. You run Vaultwarden, which is Bitwarden compatible and unlocks most of the premium features. You can back up the server no problem (files are all encrypted on disk). You also have encrypted copies on all of your devices that you sync with.
Anyway you're set with whatever you're using so good luck with that.
bingo600:
Would this one do?
https://freeotp.github.io/
/Bingo
Shonky:
That should work fine. The actual concept is pretty simple. Take a key and store it securely and then mathematically generate a number based on that key and the current time.
So the main things you want to consider IMO:
- how securely the keys are stored on your phone/device - is it encrypted or protected itself?
- keeping backups somehow - some services may be hard to access if you lose your key(s). The services often have recovery codes or other methods for account recovery for this situation. You need to store them somewhere, again preferably securely.
m12lrpv:
And here I am because I just got the GitHub email and was hoping for a bypass. It was an interesting thread read, especially from the zealots of 2FA who constantly ignore the fact that in almost every implemented instance 2FA reduces security below that of a password, because all that is needed to take an account now is some social engineering to facilitate an eSIM swap in order to reset a password.
The zealots need to be forced to pay for phones for people to use for 2FA apps. That would end 2FA real quick. It certainly shuts them up at work when they want me to use my phone and I tell them they need to supply the phone because they're not allowed to use mine.
The big issue though is that GitHub is often accessed from multiple devices but they only allow the single registration of an authentication app. So multi-device access to GitHub ends with this 2FA implementation unless you authenticate using a device you carry with you all the time, or a secret string token that you carry written down all the time so you can register other authenticator applications.
Thanks, GitHub. Now my account is less secure because I have something I need to write down or save on a file system rather than a password that only existed in my head and no one else knew.