Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don’t love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don’t want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)…

  • thingsiplay@beehaw.org
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    5 months ago

    I have a dedicated phone with a dedicated number which stays at home all the time. Call it (see what I did there) the Authenticator phone, which only job is to authenticate me when needed. Not only for Github, but other services too. Minimizing the risk to lose or break the device. And companies don’t get all my private stuff.

        • rcbrk@lemmy.ml
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          5 months ago

          Swapping the sim associated with your phone number – from your sim to their sim.

          • thingsiplay@beehaw.org
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            5 months ago

            But how? It’s at my home and without physical access to it, its impossible to swap sim card. It’s always at my home. Nobody can can transmit my phone number to their sim card without my knowledge and permission.

            • rcbrk@lemmy.ml
              link
              fedilink
              English
              arrow-up
              4
              ·
              5 months ago

              As in “Hi PhoneCompany, I’d like a mobile plan with you. Yes, I’d like to bring my old phone number over to the new account.”

              Or “Hi PhoneCompanySupport, I’m @thingsiplay and i lost my sim, plz send me a new one. BTW my new address is …”

              Ideally it shouldn’t happen, but phone company security is pretty slack sometimes,

              • thingsiplay@beehaw.org
                link
                fedilink
                arrow-up
                3
                ·
                5 months ago

                That’s a big far fetched from reality, just to build an anti argument. I don’t know where you live, but in Germany this cannot happen. You can’t just order a sim to any address and use the phone number of you wish. You have to provide with 100% certainty that you are the owner of the sim card, as every new registered card/number has to provide your goverment id and your personal signature. Also taking old phone number to new account can only happen, if you provide proof you owned it in the first place.

                If you know any case (here in Germany) someone could steal the phone number like you just described, please provide a link. This would be a huge security issue that should not be possible to happen. Nobody in the world can do that to my phone number and I think you just fabricate something that is not possible in Germany.

                • rcbrk@lemmy.ml
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  5 months ago

                  Ah, that’s good then.

                  In Australia you really only need a name and date of birth and ID such as a passport or driving license number of the owner. No physical or even photographic proof. Some phone companies send the original sim a notification before moving it, but no response is required and moving the number often only takes 10~30mins.

                  Banks in Australia commonly use sms codes as 2fa.

                  A large percentage (20~30%?) of adult Australians have had their ID details leaked in recent years because there are no adequately enforced security requirements or data-retention limits. One of the largest breaches was the second largest mobile phone provider…

                  • thingsiplay@beehaw.org
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    5 months ago

                    I see. Off course I only speak from my environment. Even if ID details would have leaked, it should be impossible for someone to get my phone number, even if the person knows my name and phone number and any ID details.

                    It’s actually quite hard to get authenticated for a new phone number in my opinion. In example last year I setup this new number and at first try it did not work, without giving any reason that could give a hint. I ended up buying a different prepaid sim card and the process was the same: go to bank, and do all the shenanigans and dance.

                    BTW sorry for my previous inflammatory language; I get heated up pretty quickly. And you stayed cool.

    • chevy9294@monero.town
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      5 months ago

      That’s exactly what I’m planning to do, a phone that forwards all sms messages through ntfy (or other service like signal) to me.