So what do you all use for the github 2FA shit?
It asks for a browser extension thing, is 1password what people use?
edit: Okay, if desktop app, not an electron program.
So what do you all use for the github 2FA shit? It asks for a browser extension thing, is 1password what people use? edit: Okay, if desktop app, not an electron program. 37 comments
@neauoire I use my text messages and the Keysmith app for KDE. https://apps.kde.org/keysmith/ If you save a copy of the qr code you can import it into a bunch of devices. @neauoire i use a mobile app called FreeOTP to store those 2FA codes. im sure there's one on desktop because the math behind it is pretty simple. it shouldn't need to be stored 'online' anywhere. @dantescanline I don't have a phone but I'll try to find a desktop app for this. Thanks @neauoire ah i should say it's FreeOTP is android, in case you have a tablet or something since it's just a simple local app with no "phone" requirements @neauoire @dantescanline Is this on purpose = I don't want a phone or I'm sailing so the phone does not work anyway? I'm also tired of big corporations so I' looking at building my own phone, and internet 2.0 like in silicon valley the TV show XD: http://radiomesh.org @tinspin @dantescanline I find it too distracting, I have a predisposition to rely on it too much, and getting lost haha. I prefer to do without if I can :) @neauoire For 2FA authentication, I have a horrible gross 10 line shell script that calls oathtool to generate the one time pass number. So far, every site has had a “can't scan the QR code?” button that's let me get the magic number to feed into oathtool without scanning a QR code. The script basically does this: `oathtool -b --totp $MAGIC_NUMBER` @neauoire I use 1Password. But you might also consider using a hardware device like Yubikey. @neauoire If you're in Apple's ecosystem land, the automatic keychain password keeping is pretty great. It (now) includes OTPs and completes them automatically, like the password field. The system is not flawless but is better than other keepers I've used, is really nicely integrated, and keeps improving. … sorry if this is totally useless advice in your case! @benjohn it's useless to me, but maybe someone reading this can make use of the advice. It's been many years since I've seen an OSX device :) @neauoire I use bitwarden for my github 2FA, I don't remember if its included in the free plan or not @neauoire I use 1password 7 which is native on macOS. new versions (8+) uses electron unfortunately. @neauoire imho it just needs to be any kind TOTP implementation I used yubioath, gopass and unixpass (with pass-otp extension) in the past. All of them are fine. Yubioath is secured by hardware (yubikey) and unixpass/gopass can use GPG as a backend to secure the secrets. And you can use yubikey/nitrokey directly in the browser, but this depends on a recent chrome or firefox browser, I guess. @neauoire i've heard you can use a security key like a yubikey, rather than TOTP QR code scanning or SMS. i'm not sure how mutually exclusive all those options are :/ (i have all these options enabled so i'm not sure if one requires another) @neauoire I use a yubikey, although I think when I got it it wasn't directly supported, so currently I have it set up as a code generator - I either tap it on my phone with NFC or plug it into a computer and run yubico authenticator, and it generates a code to enter into Github. The transition to USB-C kinda sucks - I have some devices that can't do USB-A (my work Macbook) and some that can't do USB-C (my own Macbook). |
@neauoire 1password doesn't necessarily store your password with their service - you can keep the vault file whereever you would like.
for 2FA, I use google authenticator, but you need a newish phone for that.