this post was submitted on 05 Jun 2024
50 points (79.1% liked)

Open Source

31354 readers
199 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don't love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don't want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)...

you are viewing a single comment's thread
view the rest of the comments
[–] thingsiplay@beehaw.org 3 points 5 months ago (1 children)

That's a big far fetched from reality, just to build an anti argument. I don't know where you live, but in Germany this cannot happen. You can't just order a sim to any address and use the phone number of you wish. You have to provide with 100% certainty that you are the owner of the sim card, as every new registered card/number has to provide your goverment id and your personal signature. Also taking old phone number to new account can only happen, if you provide proof you owned it in the first place.

If you know any case (here in Germany) someone could steal the phone number like you just described, please provide a link. This would be a huge security issue that should not be possible to happen. Nobody in the world can do that to my phone number and I think you just fabricate something that is not possible in Germany.

[–] rcbrk@lemmy.ml 3 points 5 months ago (1 children)

Ah, that's good then.

In Australia you really only need a name and date of birth and ID such as a passport or driving license number of the owner. No physical or even photographic proof. Some phone companies send the original sim a notification before moving it, but no response is required and moving the number often only takes 10~30mins.

Banks in Australia commonly use sms codes as 2fa.

A large percentage (20~30%?) of adult Australians have had their ID details leaked in recent years because there are no adequately enforced security requirements or data-retention limits. One of the largest breaches was the second largest mobile phone provider...

[–] thingsiplay@beehaw.org 1 points 5 months ago (1 children)

I see. Off course I only speak from my environment. Even if ID details would have leaked, it should be impossible for someone to get my phone number, even if the person knows my name and phone number and any ID details.

It's actually quite hard to get authenticated for a new phone number in my opinion. In example last year I setup this new number and at first try it did not work, without giving any reason that could give a hint. I ended up buying a different prepaid sim card and the process was the same: go to bank, and do all the shenanigans and dance.

BTW sorry for my previous inflammatory language; I get heated up pretty quickly. And you stayed cool.

[–] rcbrk@lemmy.ml 2 points 5 months ago

No worries. The situation I was describing is indeed absurd and defies reasonable expectations.