GitHub now requiring 2FA for all contributors,what authenticator apps you using?

GitHub is rolling out mandatory 2FA for accounts that contribute code, with a 45-day window to enroll.

Aegis, Raivo, or Ente are the ones that have most promise from what I've read. Any other recommendations? or thoughts on those three in particular.

TY

12 points | by nickcageinacage 1 day ago

15 comments

  • uyzstvqs 1 day ago
    Aegis (local) https://github.com/beemdevelopment/aegis

    Bitwarden Authenticator (local) https://bitwarden.com/products/authenticator/

    Ente (encrypted cloud backup) https://ente.com/auth/

  • jc-myths 1 day ago
    Google auth, first and the only 2FA authenticator I ever used.
    [-]
    • aerzen 14 hours ago
      Because some auth provider recommended it as the only app to use. While it is a good app, it does backup into Drive.
  • grahammccain 7 hours ago
    I only use google and Microsoft, it might be a good idea for me to look into this deeper for the future.
  • jjgreen 1 day ago
    That's been pending for a while, I'll just stop contributing code.
    [-]
    • nextos 19 hours ago
      You don't need an app if you don't want one.

      In a CLI, oath lets you calculate a TOTP.

      But it's maybe a bit more insecure if you use the same machine.

    • codazoda 21 hours ago
      Why? You’re against 2FA? You couldn’t contribute without an account before, could you?
      [-]
      • jjgreen 12 hours ago
        I'd had a GH account for ages under my own name, I closed that as soon as Microsoft took it over, moved all my repos to GitLab, good move. I opened a new GH account under a silly name [1] so I could collaborate with people still on it. Now I'm not really against 2FA, but don't use it myself, it adds friction, adds risk (what if you lose it), it seems too "theatrical" for my liking. You want to use 2FA? be my guest, live and let live etc. What I don't like is being told what to do with my account, particularly by someone like MicroSlop. I won't add 2FA to my GH account, so I'll not contribute any code to GH based projects, ho hum. As I understand it, I'll still be able to raise issues without 2FA, fine, and when 2FA becomes mandatory for that, I'll stop doing that too.

        [1] https://github.com/noproblemwiththat

        [-]
        • stephenr 3 hours ago
          > adds risk (what if you lose it)

          Lose what exactly? Decent 2FA setups make you confirm you've recorded a set of backup codes somewhere (they often recommend print and store in a safe, I find a secure note in a password manager works well) before activating it.

          Furthermore plenty of TOTP applications offer secure backup and syncing features.

          So again, what specifically do you think you're going to "lose"?

  • thegoldenman 20 hours ago
    https://apps.apple.com/au/app/2fa-authenticator-2fas/id12177...
  • codazoda 21 hours ago
    Authy but I’m considering moving to Apple Passwords so it’s all together.
    [-]
    • ecesena 18 hours ago
      Same. To add some details, I used Authy because at the time it was the only app that would just work after upgrading my iphone. I never enabled their cloud mode, so only local 2FA codes.
  • threecheese 1 day ago
    Using GitHub MFA via the app on my iPhone.
    [-]
    • nickcageinacage 1 day ago
      yea. I'm pretty sure they want separate authenticator app or browser extension
    • paulG12 1 day ago
      So now I need my damn phone to push something. Great. What's next, my national ID?
      [-]
      • stephenr 3 hours ago
        If by need you mean, can choose to use, and if by push you mean, login to the GitHub web ui, then sure.
      • nickcageinacage 1 day ago
        lmao welp. that is the path other apps are going so i wouldnt be surprised
  • pickle-wizard 1 day ago
    I use a passkey that is in iCloud Keychain.
  • tacostakohashi 8 hours ago
    KeepassXC
  • riidom 21 hours ago
    on phone: 2FA Manager from OpenStore on UBports phone

    on work laptop: 1PW

  • cyberclimb 22 hours ago
    Checkout Ente Auth
  • stalfosknight 1 day ago
    iCloud Keychain
  • mindwork 1 day ago
    I still use Authy tbh
  • bjourne 1 day ago
    Microsoft showing 2FA down everyone's throat is quite painful. I don't for a second believe they are only using my phone number for authentication. They are storing the data and they are correlating it with other apps they force 2FA on.
    [-]
    • stephenr 1 day ago
      So don't give them your phone number.

      Arguing against 2FA is like arguing that they shouldn't bash your password because it means you can't see your password to help remember it.

      [-]
      • stephenr 3 hours ago
        s/bash/hash/
      • bjourne 1 hour ago
        Um, no? Arguing against 2fa is I don't want to cede even more PII with the American tech oligopoly which, no doubt, will share said PII with the American regime.
  • nashashmi 1 day ago
    Totp.app