I only use google and Microsoft, it might be a good idea for me to look into this deeper for the future.
jc-myths 1 days ago [-]
Google auth, first and the only 2FA authenticator I ever used.
aerzen 13 hours ago [-]
Because some auth provider recommended it as the only app to use. While it is a good app, it does backup into Drive.
jjgreen 1 days ago [-]
That's been pending for a while, I'll just stop contributing code.
nextos 18 hours ago [-]
You don't need an app if you don't want one.
In a CLI, oath lets you calculate a TOTP.
But it's maybe a bit more insecure if you use the same machine.
codazoda 20 hours ago [-]
Why? You’re against 2FA? You couldn’t contribute without an account before, could you?
jjgreen 10 hours ago [-]
I'd had a GH account for ages under my own name, I closed that as soon as Microsoft took it over, moved all my repos to GitLab, good move. I opened a new GH account under a silly name [1] so I could collaborate with people still on it. Now I'm not really against 2FA, but don't use it myself, it adds friction, adds risk (what if you lose it), it seems too "theatrical" for my liking. You want to use 2FA? be my guest, live and let live etc. What I don't like is being told what to do with my account, particularly by someone like MicroSlop. I won't add 2FA to my GH account, so I'll not contribute any code to GH based projects, ho hum. As I understand it, I'll still be able to raise issues without 2FA, fine, and when 2FA becomes mandatory for that, I'll stop doing that too.
Lose what exactly? Decent 2FA setups make you confirm you've recorded a set of backup codes somewhere (they often recommend print and store in a safe, I find a secure note in a password manager works well) before activating it.
Furthermore plenty of TOTP applications offer secure backup and syncing features.
So again, what specifically do you think you're going to "lose"?
Authy but I’m considering moving to Apple Passwords so it’s all together.
ecesena 17 hours ago [-]
Same. To add some details, I used Authy because at the time it was the only app that would just work after upgrading my iphone. I never enabled their cloud mode, so only local 2FA codes.
threecheese 1 days ago [-]
Using GitHub MFA via the app on my iPhone.
nickcageinacage 1 days ago [-]
yea. I'm pretty sure they want separate authenticator app or browser extension
paulG12 1 days ago [-]
So now I need my damn phone to push something. Great. What's next, my national ID?
stephenr 2 hours ago [-]
If by need you mean, can choose to use, and if by push you mean, login to the GitHub web ui, then sure.
nickcageinacage 1 days ago [-]
lmao welp. that is the path other apps are going so i wouldnt be surprised
pickle-wizard 1 days ago [-]
I use a passkey that is in iCloud Keychain.
tacostakohashi 7 hours ago [-]
KeepassXC
riidom 20 hours ago [-]
on phone: 2FA Manager from OpenStore on UBports phone
on work laptop: 1PW
cyberclimb 21 hours ago [-]
Checkout Ente Auth
stalfosknight 1 days ago [-]
iCloud Keychain
mindwork 1 days ago [-]
I still use Authy tbh
bjourne 1 days ago [-]
Microsoft showing 2FA down everyone's throat is quite painful. I don't for a second believe they are only using my phone number for authentication. They are storing the data and they are correlating it with other apps they force 2FA on.
stephenr 1 days ago [-]
So don't give them your phone number.
Arguing against 2FA is like arguing that they shouldn't bash your password because it means you can't see your password to help remember it.
Bitwarden Authenticator (local) https://bitwarden.com/products/authenticator/
Ente (encrypted cloud backup) https://ente.com/auth/
In a CLI, oath lets you calculate a TOTP.
But it's maybe a bit more insecure if you use the same machine.
[1] https://github.com/noproblemwiththat
Lose what exactly? Decent 2FA setups make you confirm you've recorded a set of backup codes somewhere (they often recommend print and store in a safe, I find a secure note in a password manager works well) before activating it.
Furthermore plenty of TOTP applications offer secure backup and syncing features.
So again, what specifically do you think you're going to "lose"?
on work laptop: 1PW
Arguing against 2FA is like arguing that they shouldn't bash your password because it means you can't see your password to help remember it.