this post was submitted on 05 Jun 2024
50 points (79.1% liked)

Open Source

31396 readers
156 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don't love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don't want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)...

you are viewing a single comment's thread
view the rest of the comments
[–] Tramort@programming.dev 98 points 5 months ago (7 children)

It's fine. The added security is huge

The problem is when they want you to install their TOTP app in order to authenticate (I'm looking at you, steam... fuck off)

[–] n2burns@lemmy.ca 24 points 5 months ago* (last edited 5 months ago) (3 children)

I think I'd still prefer to use a 3rd-Party TOTP app but at least Steam's app adds some value by pushing a notification when you login.

[–] scrubbles@poptalk.scrubbles.tech 24 points 5 months ago

Steam is okay in my book because steam was the OG 2FA provider. They forced 2FA on everyone, all the way back in 2007, they took security seriously before anyone else really cared. So, they're grandfathered in.

[–] Andromxda@lemmy.dbzer0.com 2 points 5 months ago

You can use Steam with a regular third-party TOTP authenticator, here's a guide on how to set it up: https://help.ente.io/auth/migration-guides/steam/

[–] SzethFriendOfNimi@lemmy.world 13 points 5 months ago

Exactly. At the end of the day there’s nothing being transmitted with OTP and using a standard app isn’t an issue.

[–] lemmyvore@feddit.nl 12 points 5 months ago (2 children)

If you're rooted, Aegis can import the seed from the Steam app then you don't need it anymore.

[–] Tramort@programming.dev 3 points 5 months ago (2 children)

Oh, that's awesome!

But I don't have root

[–] lemmyvore@feddit.nl 7 points 5 months ago* (last edited 5 months ago) (1 children)

You may be able to use an older version of the app that allowed ADB backups, and extract the seed from that.

Another approach is to extract it from the Steam desktop app.

No idea what companies think they're accomplishing by using non-standard TOTP apps (that actually do TOTP under the hood). Microsoft do it so they can track your location and report it to managers when you login because it's something that management asks for. Some companies do it so they can lock you into their services. No idea why Steam does it.

[–] Andromxda@lemmy.dbzer0.com 1 points 5 months ago (1 children)
[–] lemmyvore@feddit.nl 2 points 5 months ago

Thanks, I didn't know about steamguard-cli. And I was able to import the code into Aegis too (just had to set the type to "Steam" so it would generate 5-letter codes instead of normal TOTP)...

[–] peregus@lemmy.world 4 points 5 months ago
[–] jjlinux@lemmy.ml 3 points 5 months ago (1 children)

How's that? I've had TOTP in my github account for over a year, on Aegis, and I have not seen them asking me to do anything else.

[–] Tramort@programming.dev 6 points 5 months ago (1 children)

GitHub is not an offender right now, but I can easily imagine Microsoft forcing some MS OTP app in the future

[–] jjlinux@lemmy.ml 3 points 5 months ago

Agreed. It would surprise nobody.

[–] ChallengeApathy@infosec.pub 2 points 5 months ago (1 children)

I do agree but Steam's app isn't bad. It's great if you use Steam's social features and it makes secure login a total breeze.

[–] Tramort@programming.dev 2 points 5 months ago (1 children)

It's not that the app is good or bad. It's that you are FORCED to use it when there is no technical reason for that requirement.

Let me reiterate: fuck valve

[–] ChallengeApathy@infosec.pub 2 points 5 months ago

Sure, I don't disagree, it shouldn't be a requirement but because the app is good and makes the process easy, I don't have a problem with it.

[–] Andromxda@lemmy.dbzer0.com 1 points 5 months ago

You can use it with a regular TOTP app, just like with Steam (but it requires some additional setup: https://help.ente.io/auth/migration-guides/steam/)