this post was submitted on 22 Aug 2023
381 points (98.7% liked)

Technology

33611 readers
362 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
[email protected]
381
GitHub to require 2FA on accounts by October 6, 2023 (github.blog)
submitted 10 months ago* (last edited 10 months ago) by [email protected] to c/[email protected]
137 comments fedilink hide all child comments
 

I personally am fine with this.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 10 months ago (29 children)

No offense to companies but I'm honestly sick of companies forcing 2fa. Every single one seems to have a different shitty way of doing it. Like why on earth do I need two different authenticator apps on my phone (authy&google authenticator)? Some do sms/phone number, but then yell at you and prevent you from doing 2fa if you have a "bad phone number". This happened on discord where I'm locked out of certain servers because I can't do phone verification, and I can't do it because discord doesn't like my phone number. Twitter was the same way for a long while (couldn't do 2fa/phone verification due to them not liking my number).

From the article it sounds like they're doing authenticator app or sms. I'm guessing sms won't work for me, so app it is. I decided to dig to see which authenticator app they use and they list: 1password, authy, lastpass, and microsoft.... no google?

Honestly, even email requirements for accounts is annoying because you know it just ends up spamming you. is the future where we're gonna have to have 30 different authenticator apps on our phone?

[–] [email protected] 6 points 10 months ago (6 children)

Anyone who claims they're doing OTPs over SMS for "security" ia lying to you. Discord wants your phone number; it has nothing to do with your security

[–] [email protected] 3 points 10 months ago (2 children)

there's quite a lot of services that want phone for verification/2fa/whatever. whenever I run into them I usually just refuse to use the service altogether.

[–] [email protected] 4 points 10 months ago

How do you even use the internet? I mean, you could never book a flight, use any food rewards program, book a ride share, etc. Almost everything uses my phone number for 2FA.

[–] [email protected] 2 points 10 months ago (2 children)

There is literally no bank in my country that doesn't use sms for 2fa.

[–] [email protected] 4 points 10 months ago

Yes banks are terrible about this, and it makes no sense

[–] [email protected] 2 points 10 months ago (1 children)

what happens if you don't have a phone number? you're just prevented from having a bank account?

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

You can have a bank account, but you wouldn't be able to do online or mobile banking.

Sms is the only 2fa option (some offer email as well, but last I checked all fall back on sms), and it's mandatory for online/mobile.

load more comments (3 replies)
load more comments (25 replies)