| ▲ | pocksuppet 7 hours ago | ||||||||||||||||
No, I didn't, because I quit GitHub when they started demanding mandatory SMS 2FA | |||||||||||||||||
| ▲ | graton 6 hours ago | parent | next [-] | ||||||||||||||||
> No, I didn't, because I quit GitHub when they started demanding mandatory SMS 2FA They haven't demanded that of me. I have 2FA with a Yubikey and a TOTP app. I don't ever recall giving them my phone number. | |||||||||||||||||
| ▲ | thenewnewguy 7 hours ago | parent | prev [-] | ||||||||||||||||
Huh? Just to make sure I wasn't missing something, I checked and my GitHub account has only a TOTP app and hardware security key configured, no SMS/phone number. As a matter of fact GH even has a red "Less secure" badge on the SMS 2FA in the settings discouraging its use, as well as the following text in the description: "We strongly advise against using SMS because it is susceptible to interception, does not provide resistance against phishing attacks, and deliverability can be unreliable." | |||||||||||||||||
| |||||||||||||||||