| General > General Technical Chat |
| How to bypass GitHub's new 'Enable two-factor authentication'. |
| << < (13/14) > >> |
| Shonky:
--- Quote from: m12lrpv on November 01, 2023, 02:03:47 am --- --- Quote from: Shonky on November 01, 2023, 01:25:01 am --- --- Quote from: m12lrpv on November 01, 2023, 12:00:18 am ---The big issue though is that github is often accessed from multiple devices but they only allow the single registration of an authentication app. So multi device access to github ends with this 2fa implementation unless you authenticate using a device you carry with you all the time or a secret string token that you carry written down all the time so you can register other authenticator applications --- End quote --- No. That's not how it works at all. You can quite easily have the 2FA secret on multiple devices and it will produce the same number. --- End quote --- Incorrect. Github Only allows one of each type. Don't preach about things you don't understand. --- Quote from: Shonky on November 01, 2023, 01:25:01 am --- --- Quote from: m12lrpv on November 01, 2023, 12:00:18 am ---Thanks Github. Now my account is less secure because I have a something I need to write down or save on a file system rather than a password that only existed in my head an no one else knew. --- End quote --- Congratulations on not understanding how 2FA works. Hint: it's the "2". --- End quote --- Every 2fa is basically 1fa. You're just one password reset request away from full access once that 2fa key is exposed. Congratulations on not understanding the reality of 2fa. --- End quote --- Absolutely you can have the TOTP running on more than one device. Try and understand how TOTP works. Nope. That's not how the Github password reset works. You need access to email to reset the password which is a third factor. Get it? |
| julian1:
Does Gitlab try to monetarize (or carve-out a future right to) their customer's content with AI engines, like co-pilot? |
| Noloader:
--- Quote from: BrianHG on August 16, 2023, 05:05:14 pm ---I received an email warning me I will loose access to my GitHub account unless I enable 2FA.... Now I do not want to give them my private cell phone number to receive the SMS... --- End quote --- I use KDE's KeySmith, <https://apps.kde.org/keysmith/>. It works just fine for M$ 2FA. In fact, I have KeySmith running on two laptops and a desktop. There's no need to run it from a cell phone. I did not have to install M$ warez, like a closed source app. I did not provide M$ with any personal information, like my cell phone number. |
| Karel:
Keysmith works ok, I just installed it in order to be able to continue to access pypi.org: https://blog.pypi.org/posts/2023-12-13-2fa-enforcement/ Regarding github, I didn't register a phone number but they sent me verification codes to the email address I used for registering in order access. But I moved to Gitlab anyway years ago already when microsoft put her claws on it. I only login on github if I want to report an issue in somebody else's repo. |
| SiliconWizard:
--- Quote from: Karel on December 15, 2023, 02:31:14 pm ---But I moved to Gitlab anyway years ago already when microsoft put her claws on it. I only login on github if I want to report an issue in somebody else's repo. --- End quote --- Yes. Gitlab has a more "aggressive" approach to sales though, as far as I've seen. The free accounts are much more limited than github's ones (which have very few limitations in comparison). That's ok for personal projects usually, but from the limits I've seen, for anything more serious with many contributors, you'd need a paid plan. Not that it's overly expensive, but something to consider. Of course, we know how MS gets its money from, nothing is free. But as a user (i have no account at Gitlab), you may have some details about that to add. |
| Navigation |
| Message Index |
| Next page |
| Previous page |