Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don’t love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don’t want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)…

  • toastal@lemmy.ml
    link
    fedilink
    arrow-up
    10
    arrow-down
    2
    ·
    6 months ago

    Ideally you don’t want to build your open source software on a proprietary forge service so hopefully nothing of value is on the Microsoft-owned platform so it doesn’t really matter how secure it is.

    But you should have a free software TOTP option on you anyhow. I use password-store’s OTP plugin so it is easier to back up & sync.

    • fuzzzerd
      link
      fedilink
      arrow-up
      5
      arrow-down
      1
      ·
      6 months ago

      Did you forget the ./s or something? Lemmy itself is developed on GitHub, as are plenty of other “valuable” open source projects. To pretend nothing of value is built there is putting your head in the sand.

      If you’re developing software on GitHub you have a chance at getting some useful feedback, bug reports and maybe even PRs. Like it or not, the network effect is real.

      • refalo
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        6 months ago

        SFC recommends to not use them, so that’s what I will keep (not) doing.

      • toastal@lemmy.ml
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        6 months ago

        Not /s

        It is long past the time to move on. We don’t like the ads, gamified/corporate-friendly social media aspects, & enshitification of the web (which is why we are an Lemmy not Reddit), so why would we want that same platform for our code?

        Also Lemmy has every interest in moving as soon as ForgeFed is finalized & merged into a forge the can host since they want the same decentralized values for their forge as their forum/link aggregator platform and have publicly acknowledged it is a problem.

        Your projects should follow that example, if not your current projects at least future ones. These megacorporation are not our friends.