You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.45K Posts
- 57.9K Comments
- Modlog
2 factor authentication is not about security. It is about forcing open source developers to identify themselves by providing a phone number or other similar information.
Do not use Github. Microsoft corrupted it.
Please stop sharing inaccurate information
There are many 2FA options, and you never need to add a phone number to your account if you don’t want to
This also is not entirely accurate. I checked the options, and only two exist: sms or authenticator app. Both phone based.
Mobile phones are the least secure device that you are likely to own, so using them as authenticators is unwise.
Okay, you got me stumped here
Either I added my 3x Yubikey security keys prior to that feature being taken away, or there’s a bug, or there’s some condition that has to be met before you can add security keys to your account: are you using a compatible web browser (e.g. recent Firefox), and have you downloaded/viewed/printed your recovery codes?
Un-nuanced absolutist statements like this grind my gears a little, haha
SMS is plain-text, and codes from the authenticator apps (and possibly also the GitHub Mobile app) can be phished, so in this regard I agree that the security key option offers the strongest safety/privacy, but those other phone options are still better than nothing for the majority of users
As far as devices I own, the only TV I could buy here was one running Android 10 without any software updates in the last 2 years, I feel I can confidently state that the TV is less secure than the phone I bought this year with an OS patch from this month
This is all about getting your phone number, since you can’t enable a hardware token without giving them your phone number first.
Phone number then links to “real” identity, bank, home location and so on.
There are very good Github alternatives.
There are a range of two-factor authentication mechanisms that can be added to your GitHub account, so this does not require sharing your cell phone number with them at all if you don’t want to
I’m not sure why people are complaining about this change, this seems like a reasonable security uplift that will hopefully be adopted across more services
Do not use GitHub. This should be the final straw.
Before anyone bothers saying MiCrOsOfT iS rUiNiNg GiThUb…
It was always a shit company run by shit people. It was built from the very beginning to be a honeypot for open source projects to amass counterintelligence data. That is why Microsoft bought it. The entire business model has always perfectly aligned with EEE.
Thanks for coming to my ted talk.