[Toybox] Microsoft github is disabling my account on the 7th.

Ray Gardner raygard at gmail.com
Fri Sep 27 13:36:46 PDT 2024 

On Wed, Sep 25, 2024 at 3:58 PM enh <enh at google.com> wrote:

> On Wed, Sep 25, 2024 at 2:19 PM Rob Landley <rob at landley.net> wrote:
>>
>> On 9/25/24 10:48, enh wrote:
>> > On Wed, Sep 25, 2024 at 11:14 AM Rob Landley wrote:
>> >     > GitHub users are now required to enable two-factor authentication as
>> >     > an additional security measure. Your activity on GitHub includes you
>> >     > in this requirement. You will need to enable two-factor authentication
>> >     > on your account before November 07, 2024, or be restricted from account
>> >     > actions.
>> >
>> >     So apparently I'm losing access to microsoft github on November 7th. I still
>> >     have https://landley.net/toybox/git/ <https://landley.net/toybox/git/> but
>> >     that isn't particularly load-bearing.
>> >
>> >     Anybody got any suggestions for an alternate git hosting service? I haven't
>> >     looked around recently.
>> >
>> > gitlab's even worse --- they wouldn't accept the phone number i use with github
>> > for some reason, and suggest i give them a credit card instead.
>>
>> I asked on mastodon and got sourcehut.org suggested, haven't looked yet. We set
>> up a local gitea for j-core.org a while back but never published it because it
>> scales TERRIBLY (2 gigs ram per active connection!) Half of what github's used
>> for is bugzilla, probably need to find one of those...
>
>
> before you give up on github, can't you use a security key for the 2FA? presumably
> you wouldn't have the same objections to that that you do to your phone number?

Is the only objection to the 2fa requirement that Rob doesn't want to use
his phone number for an SMS code?

I just set up 2fa on my github account using Bitwarden Authenticator (FOSS
for Android and IOS).  It was pretty easy. Installed the app, told GitHub
to set up 2fa using the app, scanned a QR code shown on the laptop with my
phone, entered the code shown on the app into the laptop, and I was in and
set up.

I logged out and back in. After entering username and password, I was
prompted for a code. The auth app on the phone gave me the code without
having to scan or do anything. Entered it and I was in.

Pretty easy really. Unless there are other objections to setting up 2fa, I
think it's much easier than moving to a different git host.

(BTW I saved the recovery codes into my password manager and
also set up a backup auth method for extra safety.)

Ray

More information about the Toybox mailing list