[Toybox] Microsoft github is disabling my account on the 7th.

[Rob Landley]

On 9/28/24 14:42, James Cloos wrote:
> i put up with that 2fa demand nonsense.
> 
> there was a button to get the request as a text string instead of that
> anoying qr.
> 
> i used totp-cli to get an answer to gh's request.  their system was
> happy with that.
> 
> do be sure to save the github-recovery-codes.txt they privide after the
> challenge and reply.
> 
> as well as the data file for whichever software you use.

Is there a howto on this? (I can try searching from minneapolis if you haven't
got one handy, I'm a bit scrunched packing out my hotel room in tokyo just now.)

> gentoo has at least:
> 
> app-crypt/totp-cli-bin (in the guru overlay)
> app-admin/keepassxc

Devuan Bronchitis has keepassxc but not totp anything. (The laptop with Devuan
Dermatitis isn't set up at the moment.) Is that the same as
https://github.com/WhyNotHugo/totp-cli (which says it's a pip install...)

> which work.  the latter has both gui and cli ui's.
> 
> other distributions should also have options.
> 
> debias sid has at least:
> 
> keepassxc-full/unstable
> keepassxc-minimal/unstable
> 
> and in bookworm and earlier:
> 
> keepassxc/stable

It says it's a password manager, is that the same as totp-cli?

The thing is, Elliott co-maintains the github repo, and that's useful. I'd
rather avoid inconveniencing him unnecessarily, and if there's a command line
utility I might give it a shot.

Rob

P.S. I have no idea how "enter a unix time from the command line and this will
generate a code way in the future" is supposed to be more secure. Somebody with
15 seconds access to my laptop could generate one for 3am a week from now and
log in at the specified time. Reading the setup, there's a shared key in
plaintext extractable from the github config. That's JUST TWO PASSWORDS, they're
merely obfuscating one of them slightly...