Remix.run Logo
thenewnewguy 7 hours ago

Huh? Just to make sure I wasn't missing something, I checked and my GitHub account has only a TOTP app and hardware security key configured, no SMS/phone number.

As a matter of fact GH even has a red "Less secure" badge on the SMS 2FA in the settings discouraging its use, as well as the following text in the description: "We strongly advise against using SMS because it is susceptible to interception, does not provide resistance against phishing attacks, and deliverability can be unreliable."

pocksuppet 6 hours ago | parent [-]

This option must have been added later.

entrope 6 hours ago | parent [-]

U2F was always an option, because I used it since they added the MFA requirement (and like others here never gave Github my phone number). I think TOTP was also available from the start. The warning to not use SMS for MFA might have been added later.