this post was submitted on 19 Aug 2023
143 points (98.0% liked)

Open Source

29009 readers
171 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 4 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
143
GitHub is slowly rolling in 2FA. Any good open source apps that will enable me to activate 2FA token on android? (szmer.info)
submitted 10 months ago by [email protected] to c/[email protected]
103 comments fedilink hide all child comments
 

If proprietary app is better and more robust I am willing to try it and assess it myself.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 10 months ago* (last edited 10 months ago) (4 children)

I know it is an unpopular opinion, but it is a huge headache in general. I don't think the theoretical benefits (which make total sense) actually pay off in reality and are worth the extra headache. I'm not saying they should not have it at all, but it should be at least opt-out instead of forced.

In the case of github, I think it is part of their long drawn out plan of data collection and proprietary lock down. Next they are going to require your house address and government ID. I feel better using an free and open source platform anyway.

[–] [email protected] 2 points 10 months ago

How exactly could a site collect more of your data through 2fa?

[–] [email protected] 1 points 10 months ago

Well, if you use a password manager such as bitwarden you can store your 2FA one ctrl-v away. Even if this is a less secure setup, that still prevents someone eavesdropping on your password from reusing it.

[–] [email protected] 1 points 10 months ago

Unless you clear cookies constantly, you need to login just once in a while, where is this huge headache? Password get stolen, 2FA protect you from that.

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

Where does this even come from, passwords are increasingly insecure and adding another factor, especially authenticator codes, doesn't even require you to give up a single new piece of personal information. The entire thing is just adding a local code that your program of choice remembers and uses to generate the one-time password. No data collection, no proprietary software. Other areas might be doing bad shit for all I know, but this change is entirely a forced security measure because people are too bad at passwords.

After seing the frequent attempted logins on my Microsoft account, I'm "just" a lucky guess away from losing it if I do not have another thing blocking access.