On Fri, Sep 27, 2024 at 4:37 PM Ray Gardner <rayg...@gmail.com> wrote:
> On Wed, Sep 25, 2024 at 3:58 PM enh <e...@google.com> wrote: > > > On Wed, Sep 25, 2024 at 2:19 PM Rob Landley <r...@landley.net> wrote: > >> > >> On 9/25/24 10:48, enh wrote: > >> > On Wed, Sep 25, 2024 at 11:14 AM Rob Landley wrote: > >> > > GitHub users are now required to enable two-factor > authentication as > >> > > an additional security measure. Your activity on GitHub > includes you > >> > > in this requirement. You will need to enable two-factor > authentication > >> > > on your account before November 07, 2024, or be restricted from > account > >> > > actions. > >> > > >> > So apparently I'm losing access to microsoft github on November > 7th. I still > >> > have https://landley.net/toybox/git/ < > https://landley.net/toybox/git/> but > >> > that isn't particularly load-bearing. > >> > > >> > Anybody got any suggestions for an alternate git hosting service? > I haven't > >> > looked around recently. > >> > > >> > gitlab's even worse --- they wouldn't accept the phone number i use > with github > >> > for some reason, and suggest i give them a credit card instead. > >> > >> I asked on mastodon and got sourcehut.org suggested, haven't looked > yet. We set > >> up a local gitea for j-core.org a while back but never published it > because it > >> scales TERRIBLY (2 gigs ram per active connection!) Half of what > github's used > >> for is bugzilla, probably need to find one of those... > > > > > > before you give up on github, can't you use a security key for the 2FA? > presumably > > you wouldn't have the same objections to that that you do to your phone > number? > > Is the only objection to the 2fa requirement that Rob doesn't want to use > his phone number for an SMS code? > (i'm not certain, but phone number and credit card are two things he's _explicitly_ mentioned in the past. and certainly "give us a valid credit card number" was where i gave up trying to set up a gitlab account personally.) > I just set up 2fa on my github account using Bitwarden Authenticator (FOSS > for Android and IOS). It was pretty easy. Installed the app, told GitHub > to set up 2fa using the app, scanned a QR code shown on the laptop with my > phone, entered the code shown on the app into the laptop, and I was in and > set up. > > I logged out and back in. After entering username and password, I was > prompted for a code. The auth app on the phone gave me the code without > having to scan or do anything. Entered it and I was in. > > Pretty easy really. Unless there are other objections to setting up 2fa, I > think it's much easier than moving to a different git host. > > (BTW I saved the recovery codes into my password manager and > also set up a backup auth method for extra safety.) > (yeah, and that's one way in which your idea is better than mine --- good security keys are expensive!) > Ray >
_______________________________________________ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net