> On May 19, 2023, at 01:39, Jeroen wrote:
>
> Btw, read:
> https://github.blog/2023-03-09-raising-the-bar-for-software-security-github-2fa-begins-march-13/
> which links to
> https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa
> for various options.
>
> Note these are options (outside of the requirement to chose one of them for
> extra security):
> FIDO U2F/Webauthn, TOTP and Passkeys etc are all public standards, multiple
> tools support them, use what you want/like/etc.
>
>
>
> If you do not have TouchID, I heavily suggest getting a Yubikey or Nitrokey
> for secure authentication, can typically also be used for PGP if one still
> uses that.
>
> TOTP is nice, but FIDO U2F is better :)
>
> iOS Keychain has TOTP built-in btw, though hidden a bit in settings, no extra
> app needed.
>
> The GitHub Mobile app is another option to use.
>
I've had 2FA enabled on my GitHub accounts for quite a while now. In my normal
workflows I never encounter it. So in order to push via ssh, etc, you don't
need it.
Occasionally you get asked for it on the web interface, but not really all that
often. I have a couple of methods enabled - a yubikey, GitHub mobile app, and a
OTP app on my phone. And I use whatever is most convenient depending on where I
am / what I'm doing.
I recall maybe once or twice where it felt annoying and "slowing me down", but
most of the time it felt more like a good indication that I should think
carefully about what I'm doing (so the need for 2FA is often triggered by
irreversible actions like deleting a repo or very impactful actions like adding
a collaborator).
Overall I find it very well implemented.
/D
_______________________________________________
subsurface mailing list
subsurface@subsurface-divelog.org
http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
