top | item 31276290

(no title)

mdb31 | 3 years ago

Yet, if you go into the "enable 2FA" settings on Github, you only get the option to enable insecure TOTP or SMS.

Apparently, once you do that, you might be able to add proper authentication. But no word on whether that then replaces the obsolete methods you were forced to configure earlier.

But, yes, right on track to enforce 2FA in 2023, I see...

discuss

Nzen|3 years ago

Github requires [0] the first 2FA mechanism to be totp or sms. Thereafter, you can add a webauthn compatible hardware key.

[0] https://docs.github.com/en/authentication/securing-your-acco...

roblabla|3 years ago

Why though? That makes absolutely no sense.

pc86|3 years ago

Since when is TOTP obsolete?

mdb31|3 years ago

> Since when is TOTP obsolete?

Since about the moment that teams all over the world discovered they could just paste the enrollment QR code (a.k.a. private key) into their wikis, and thereby continue unlimited sharing of their role accounts?

So, I guess 30 seconds after its introduction?