On March 13, we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Read on to learn about what the process entails and how you can help secure the software supply chain with 2FA.
In the end if it doesn’t work for your security model, than more power to you. But if it helps to increase the security of the average Joe, it’s good advice.
1password does this, too and it’s magical. I’ve had my SMS go to my browser via Google Messages for a while, but it’s so much easier to just auto-fill it instead of copy/paste
Use a password manager that lets you autofill 2fa, like Bitwarden.
That’s bad advice
Is it less secure than it could be? Yes.
Is it better than no 2FA? Also yes.
In the end if it doesn’t work for your security model, than more power to you. But if it helps to increase the security of the average Joe, it’s good advice.
Allowing a smartphone access to anything sensitive is even worse advice. Smartphones are notoriously insecure.
You’re right. Dont grant your smartphone access to your GitHub. Just give it one factor.
1password does this, too and it’s magical. I’ve had my SMS go to my browser via Google Messages for a while, but it’s so much easier to just auto-fill it instead of copy/paste
Also, 1password logs you out when you stare at it wrong, so I’m not worried about someone who would somehow get local access abusing it.