What is Nostr?
ティージェーグレェ /
npub10q2…77k5
2024-12-14 07:58:40

ティージェーグレェ on Nostr: "GitHub Fri, Dec 13, 7:12 PM (12 hours ago) to me Hey artkiver! We're reaching out to ...

"GitHub

Fri, Dec 13, 7:12 PM (12 hours ago)

to me

Hey artkiver!

We're reaching out to let you know that, as announced last year, we have officially begun requiring users who contribute code on GitHub.com to have two-factor authentication (2FA) enabled.

Your account meets this criteria, and you will need to enroll in 2FA within 45 days, by January 27th, 2025 at 00:00 (UTC). After this date, your access to GitHub.com will be limited until you enroll in 2FA. Enrolling is easy, and we support several options, starting with TOTP apps and text messages (SMS) and then adding on passkeys and the GitHub Mobile app."

Fucking GitHub.

It's not 2FA.

2FA is two factors.

A username and a passphrase are already two factors!

Also see: Citadel BBSes, where they only asked for a passphrase (one factor authentication).

Well, unless SysOps turned on "paranoid mode" which then prompted for a username and a passphrase, thus: TWO factor authentication.

Whatever bull it.sh GitHub is on about again is MFA (Multi-Factor Authentication) but they're too fucking stupid to use the correct terminology and since they were bought by Micro$oft they're never going to get smarter, only dumber.

I remember dealing with something similar from them a year or two ago?

I enumerated, I think as many as six, possibly seven different authentication factors?

As it stands:

1. username
2. passphrase
3. often (but not always) when attempting to login from a different IP/browser/whathaveyou it will send a "Verification Code" to the associated email address (so at least three, but maybe 4 depending on how you count)
4. SSH keys. When I checkout/clone a repository/branch/fork and push changes, it prompts me for an SSH key.
5. My SSH keys are also passphrase protected.
6. Passkeys are an option (apparently, I feel as if since I am already using no fewer than 4-5 authentication factors, adding 6 is starting to get fucking idiotic).
7. TOTP options? (That requires like: an app or a physical dongle/token, and apps also require phones, so that's really more like 8)
8. Phone numbers (which also require a phone and a subscription/service so maybe more like 9)?

I hate GitHub.

If you don't hate GitHub, I think: maybe you aren't experienced enough to understand why anyone would hate them.

But great, now I have 45 days to jump through some more bull it.sh because GitHub is staffed by absolute imbeciles apparently.

#GitHub #2FA #MFA #MultiFactorAuthentication #GitHubCannotCount #SecurityTheater #Bullshit
Author Public Key
npub10q2wkcw49x5vpxsp4y8usuz0jx64tv2rvnfxpy54wrqcsvkuywcqe377k5