So what's the problem with setting up TOTP 2FA?
this post was submitted on 06 Jan 2025
27 points (77.6% liked)
GitHub
120 readers
1 users here now
A community for discussion and posts relating to github https://github.com/
founded 11 months ago
MODERATORS
Never took the time to properly set it up and look at it. :/ And at least with the 2FA Apps I want to properly understand them before using them, but you are probably correct.
Standard TOTP 2FA is simple. You get a token when you enable 2FA, which you enter into the app (often there's a QR code you can scan, but it's always possible to enter it manually). The app generates a code (usually six digits) based on the token and the current time. Then when you log into GitHub you enter that code when prompted. That's it.
Thanks for the explanation and I was just starting to look into them myself and I have to say, they look good, simple and private. Any recommendation for an local 2FA App with automatic local backups? Currently looking at Aegis
Aegis is popular and will serve the purpose.
As an alternative to 2FA (mobile) apps, you can also use password managers like KeePass. They (or some of them) support 2FA/TOTP.
Oh, nice! Thanks for pointing that out, I never noticed it before. Since I’m already using KeePass, that will be the way to go for me.
I wonder if it was only because of 2FA, or because of it in combination with being flagged for suspicious behavior [patterns]?
we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023
If your account is selected for enrollment, you will be notified via email and see a banner on GitHub.com, asking you to enroll. You’ll have 45 days to configure 2FA on your account—before that date nothing will change about using GitHub except for the reminders. We’ll let you know when your enablement deadline is getting close, and once it has passed you will be required to enable 2FA the first time you access GitHub.com. You’ll have the ability to snooze this notification for up to a week, but after that your ability to access your account will be limited. Don’t worry: this snooze period only starts once you’ve signed in after the deadline, so if you’re on vacation or out of office, you’ll still get that one week period to set up 2FA when you’re back at your desk.
They also describe why the requirement makes sense/is necessary.
No mention of commenting issues etc. I suspect missing 2FA is just one factor that got you flagged.
Software security or copilot training dataset security?
supply chain security
Ahh, yep that one is rather important and often overlooked
This happened to me too. Flagged for some reason on my hobbyist account. I switched to Gitlab the same day.
Get a vpn to europe and try to claim your newfound right to be forgotten?
Already in Europe and that is what I did. (See comment with mail below)
Why wouldn’t you want to enable totp? You can do so in like 15 different ways including hardware keys.
Sounds like css disabling the button. You can fix that.
tbf I didn't look, but I would be surprised if that worked.
I just wrote a nice mail to their privacy inbox :D :
Mail
"I hereby request the deletion of the GitHub account "Xamrica" and all associated data connected to this email address ("[email protected]") based on GDPR Art. 17, and a confirmation of the successful deletion (Art. 19).
If any data is still retained after the initial deletion, I also request a list of all remaining data, the legal basis for its retention, and the expected deletion date based on GDPR Art. 15.
Furthermore, I would like to request confirmation of any future data deletions from the data list mentioned above, unless you can prove that it "involves disproportionate effort" (GDPR Art. 19).
Thank you."