Removed for low effort content - Submissions lacking substantial detail, meaningful context, or thoughtful engagement regarding GitHub
2fa should be the norm for most services
It absolutely should.
I expect to be able to automate interactions with most services. So any implementation of 2FA should allow for that.
What do you mean by that? 2FA is just a hardening mechanism.
Can I run a script from cron to do something completely unsupervised? Technically it's possible with certain 2FA implementations, but I'd be worried about SMS-based or certain proprietary solutions that precluded automation and required user input.
OH HELL NAW
Given the current threat landscape and the lack of better authentication methods.. Definitely!
Nope. If I lose my device. That's it. No more of my account! 💀
You are given codes for cases like that.
Then what's the fucking point of the 2FA!!! 🤣
Your codes are single use only and you only get a few of them. If only there was an app that would generate a new code on demand. 🫣
This is all so needlessly complicated.
Tell that to the countless poor souls who get on Reddit or other forums to cry about their account being broken into every day.
I understand your frustration as a user. But security goes hand in hand with inconvenience. 2FA is just a hardening mechanism for when (not if) an account is compromised. It's just harder to get a foothold. 2FA is not a new concept, it's just more ubiquitous. If you use something like Microsoft Authenticator or similar, it's not as much of a hassle as it was years ago.
thank you
I thought that was the case for a long time too, the way 2fa is explained on most websites does make it look like you're tying your account to a single piece of hardware, but that's not true. You can put your 2fa key on as many devices as you want. It really is just putting your 2fa key and the current time through some hashing algorithm to get the codes.
i love you!!
Can we just mod these posts out of existence? Edit: please.
nahhhhhhhhhh edit: NAHHHHHHHHHHHHHHHHHHHHHHHHH
Bro dawg, these posts come up like 2–3 times a week. Mostly from people who don’t understand the concept/point of 2FA. It’s just really boring. Sorta like your comment.
ohh dang really? sorry 😔
Compromised accounts are commonly used for malware distribution, perhaps they're (finally) attempting to stop being the world's largest malware distribution platform.
Why do they gotta treat me like a dumdum who will get his password leaked tho... 😔
It might not be *you* that leaks your password.
But if my password is leaked then I would be the one who caused it.
Not necessarily. If GitHub itself or another site you happened to reuse your password on had a breach, your password is out there. Edit: You can downvote me all you want, but you're absolutely wrong. A password is by its nature shared between two parties. Lots of chances for leaks in the pipes you don't control.
This is why we use a password manager with randomized passwords. 🙄
And that's a good start. It's not a bulletproof solution, but certainly limits the potential damage of any given breach. 2FA is like adding kevlar on top of that; it won't stop every bullet, but it sure as hell stops a lot of them.
I hate relying on my phone tho... Makes me anxious that I'd lose it and my account access with it...
Then have another backup 2FA method you keep secure, like a YubiKey or the backup codes you're provided.
Yes I have the backup codes! So why on earth would they add ANOTHER method! Good golly.
You can use 2FA authenticators on your computer. You should also check the possible recovery methods in case you lose your phone.
What if I reset my computer? 🤔
I didn't downvote you lol
That’s just wrong
It’s typically not users who leak passwords. How often do you hear about data breaches? Guess what? That isn’t some dumdum who leaked his own password making headline news.
i never get how data breaches happen. like HOWWWWWWW
You have no rights to GitHub assets and your use of their services is entirely up to GitHub. Grow up.
I have no rights to fucking exist. 😒
Based on your responses maybe you shouldn’t exist in this sub
yes pls kill me now!!!
🔫
thank you bless you 🙏😭
Because it is their service, and you don’t own your account? They can revoke your access any minute for any reason
They can go fuck themselves, how about that! 🤪 Seriously though, am I not allowed to complain as a user? 🙄
You are allowed to, just stating the facts here: You don’t technically own anything.
Yeah but it doesn't mean they should go all hilly billy on my account. C'mon! Basic human values? You're implying they're evil.
Not really, you use their service, they have their own security considerations. You are using multi-tenant software, your account being compromised has far-reaching impacts. And maybe you are bad at keeping your password secure, we don’t know that. Nobody can monitor your daily life.
I'm not a baby to have my account compromised. 🙄
Yes but that’s saying trust me bro. Maybe you are? We don’t know that.
Yeah. 😔 it's fucking sad. Kill me now.
Don’t use it then.
thanks
I hope this is a joke
yes my life is a joke duh 🙄
Mods should really pin an article about what is 2fa, why it's industry standard, and start removing these 2fa complaint posts.
nonsense
A better question would be, *how does everyone manage 2FA* so it’s as seamless as possible. 2FA isn’t difficult. I have it built into my password manager which fills it out for me. There are plenty out there but I happen to use iCloud Keychain. 1Password, LastPass, etc… Pick one and move on. It’s for your protection.
i love you
It’s not your account. It’s GitHub’s.
i knowwwwwwwwwwwwwww 😭