this post was submitted on 22 Aug 2023
381 points (98.7% liked)

Technology

33586 readers
231 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
[email protected]
381
GitHub to require 2FA on accounts by October 6, 2023 (github.blog)
submitted 10 months ago* (last edited 10 months ago) by [email protected] to c/[email protected]
137 comments fedilink hide all child comments
 

I personally am fine with this.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 10 months ago (1 children)

Just use your pen and paper.

[–] [email protected] -2 points 10 months ago (2 children)

I can do that with alphanumeric codes, yeah, but can I get alphanumeric codes from GitHub, or is it going to be a QR code? I can't write down a QR code…

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago) (1 children)

QR codes are just an encoding. Just use any half-competent QR code app, and it will give you it's content, which you can then write down. For the reverse you can use any QR code generator.

[–] [email protected] -2 points 10 months ago (1 children)

How do I feed the generated QR code back to GitHub, then? Can I upload an image of it?

[–] [email protected] 4 points 10 months ago (1 children)

Have you ever used any website with 2FA? You don't need to upload QR codes.

[–] [email protected] -1 points 10 months ago (1 children)

I've only used SMS and Steam 2FA so far. I've been avoiding 2FA as much as I can.

[–] [email protected] 3 points 10 months ago

Okay, so generally the way it works is you have some app (e.g. Google Authenticator, 1password, Aegis, Bit warden -- anything that supports TOTP). When you enable 2FA for a site, it'll give you a QR code. You scan that with your app and then the app gives you a six digit code that changes every 30 seconds.

The QR code is really just an easy way to get a long string of characters into your app, though, and if the QR code doesn't work there should be an option to see the raw code and manually enter it.

You enter that code in once to confirm that you have actually set up the 2FA. Then it will show you a list of recovery codes. It'll only show you these once; it doesn't store them anywhere. You need to note them down in whatever way suits you best (I print mine; you could also just write them down). You cannot see these again. The best you can do, if you still have access to your account, is generate new ones (probably by disabling and re-enabling 2FA)

Now, whenever you login, you'll be asked for your authenticator code (much like an SMS). You just open whatever app you used and enter in whatever code it's currently showing (remember it's time based).

If your authenticator app gets messed up somehow, you can recover it using your recovery codes.

[–] [email protected] 2 points 10 months ago

The recovery codes come as a set of numbers