this post was submitted on 05 Jun 2024
50 points (79.1% liked)


Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don't love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don't want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)...

Voroxpete@sh.itjust.works 2 points 5 months ago* (last edited 5 months ago) (1 children)

I love 1Password, they're great (I personally use Bitwarden for my passwords, but would happily recommend either of them). But by putting both your authenticator codes and your passwords in the same place, you now have a single point of failure. What happens if someone finds an exploit in 1Password that gives them access to your account? The whole point of 2FA is to not have a single point of failure.

I'll happily take that chance for the convenience. Even if 1Password leaks, they don't have the keys to my vault. They would need my key and password to unlock it. The only time that isn't needed is if it's unlocked, which is only on my Linux computer, which means they need to find an exploit with their app. In the 7 years I've used them I've never even heard a whiff of something even small happening.