waxwing
@waxwing
I'm not best pleased that GitHub is going to force me to use 2FA in the next month or two.

Security through trusted third parties is attractive but danger is lurking within that model.

Anyway, has anyone decided to do anything other than the obvious "authenticator app on the phone"? Because I'm pretty wary of it.
sommerfeld · 135w
They support security hardware keys. Bitwarden also supports TOTP for 2FA.
Sjors Provoost (possibly compromised) · 135w
I had 2FA on phone long before they enforced it. US government already has access to my stuff since it's Microsoft. So don't care about NSA backdoor in the 2FA app.
Steven Day · 135w
You can probably get something that pulls the QR code into an OTP string and store that somewhere. The format is usually like this: otpauth://totp/your%40email.com?issuer=SomeService&secret=YOURSECRETTOKEN Then you can pop that into most password managers and Authenticator apps. This way you don...
Mabardino 🍀 · 135w
I decided to buy 2 yubikeys last year, very much recommend
Jameson Lopp · 135w
Why don't you like yubikey? I've got several registered to my GitHub account so none are a single point of failure.
mystik ninja · 135w
Is a passkey out of the question?
takinbrrrr · 135w
The “third party” doesn’t have access to your password and they can’t gain access to your account with just the 2FA! If for some reason you don’t like yubikeys, there are several open source U2F devices you can also use on https://www.crowdsupply.com/.
Cyber Seagull · 135w
2FA beyond email verification on login?
HonkMonster · 135w
Bitwarden. Cross platform, self hosted or cloud.
Prox · 135w
I use bitwarden with yubikey
vnprc · 135w
why are you wary of totp 2fa apps?
Wonteet Zebugs · 135w
Maybe this on Linux? "Use oathtool Linux command line for 2 step verification (2FA)" https://www.cyberciti.biz/faq/use-oathtool-linux-command-line-for-2-step-verification-2fa/
Alex · 135w
I have two yubikeys registered. One just sits in a safe deposit box as a backup.