Brodie RobertsonAug 30, 2023
Github REQUIRES 2FA: What This Means For You? #Linux #YouTube https://youtu.be/WnO3uaatquc
Github REQUIRES 2FA: What This Means For You?

YouTube
Show threadKevin Karhan Aug 30, 2023

@BrodieOnLinux it means that if #GitHub doesn't support any good #offline - capable #2FA like #iTAN, a lot of folks won't use it at all!

Espechally since they don't support EVERY NATION AND NETWORK nor can one expect to have a dedicaded and secure phone number for that!

Show threadKevin Karhan Aug 30, 2023

@thatguyoverthere @BrodieOnLinux it does require one to have a device to run it on tho.

Also nothing prevents them from generating iTAN lists and just request a randomized unused entry from it.

It's not as if they'll require it for every push and every merge of code.

Show threadBrodie RobertsonAug 30, 2023
@kkarhan @thatguyoverthere You have a computer
Show threadKevin Karhan Aug 30, 2023

@BrodieOnLinux @thatguyoverthere yes but putting #2FA on the same machine is kinda killing the security advantage.

The idea of Two-Factor - Authentification is to prevent someone from creating chaos if they gain access to an account or it's credentials...

Show threadKevin Karhan Aug 30, 2023

@thatguyoverthere @BrodieOnLinux

Yeah, it's really a downgrade and sadly not practical for me at all...
https://mstdn.social/@kkarhan/110975953455694385

Kevin Karhan :verified: (@[email protected])

@10volt @[email protected] @[email protected] #iTAN are numerized, pre-generated TANs that get requested for randomized 2FA... https://en.wikipedia.org/wiki/Transaction_authentication_number#Indexed_TAN_(iTAN) And no, #TOTP / #HOTP & #SMS-#TAN are NOT practical for numerous reasons I CANNOT disclose... https://mstdn.social/@kkarhan/110975936045776700

Mastodon 🐘
Show threadKevin Karhan 

@thatguyoverthere @BrodieOnLinux Let's just say that if #Github wants to mandate #2FA they need to make it even more accessible than #git is.

If I can't fit it on an #OS1337 boot floppy and keep it fully airgapped on paper without knowing time and date, it's shit.

If banks accept #iTAN to do million-euro transactions than Github can so too...
https://mstdn.social/@kkarhan/110965679190470398

Kevin Karhan :verified: (@[email protected])

Attached: 1 image Just 66.232 bytes left of 1440kB... But already this is pretty nifty and will at least allow OS/1337 "#Floppy Edition" to be more versatile than #Floppinux by being a basic #SSH client [thanks to #dropbear] so it can at least be used to SSH into stuff... #OS1337 https://github.com/OS-1337/OS1337/commit/09534203e2a6e48b4bf5a8b9869d4de962ee0d02

Mastodon 🐘
Aug 30, 2023 at 1:33amWeb