A place for developers to talk about building on Farcaster.

/dev

Microsoft is enabling 2FA in GitHub... 

Coders will lost acces to their code and repos... if they do not share more personal info with github is how I understand it...

any opinion on that?

Alchemist. 
Block Builder. 
Creator.
Degen. 
Ethereum dev. 
Farcaster Framer.

20. hacking @ https://www.spire.dev/ 
previously intern Nethermind, epns.io

At least it is not based on sms.. what a security hole..

Imo 2FA is extra complexity, extra info, and extra points of failure

I am not sure if I am understanding it, do you mean a githup app to manage the auth or to manage everything in github? 

They mentioned a couple of diff ways to auth with 2FA, need to dive

2FA good...? Use authenticator app or Github's app, no need to share any more info

🇨🇭 DevRel in Consensys 🦊 Vibing in the /devrel and /metamask wallet channel

Idk what Authy is,

I am classic, a notebook with all my passwords 😅

Se siente mejor y no. Puedo amar más y más que antes. Lo que ella ha dicho siempre importa. 

Cambia de cuerpo, altera la mente, pero me arrodillo igual. ¡De ro

they usually take them without ask, it is a big step from their side to ask before 😅

Software developer, open source enthusiast, privacy advocate.

Clear Wallet Open-source privacy focused wallet: https://clear-wallet.flashsoft.eu/


I got the security point. Obviously a password is not safe... but 2fa does not solve the problem. 

It is still unsafe and adds extra complexity, in some cases ask for more data, even biometric data.. or external devices.. or third party software.. should be a better way.. 

I could use Radicle, too.

I had all security options enabled on GitHub long before they become mandatory. I think commit signing should also be mandatory. 

I think it's more about creating security than harvesting data. If you have a decent VPS you can use GitLab if you don't want to comply, or for a less powerful VPS use Gitea.

enzo's dad 🇬🇷 in LA 🌴 eng @ fanatics.live ⚾️ alexloukissas.com

I mean sharing more info in general, why I need extra things to access my code?

Yeah, I need to go deeper on it, but after a first read, passkeys would be my way to go.. still not sure about all the requirements

Are they open source? or use the cloud? personally, I dont want my pass in the cloud..

they also support passkeys -  bitwarden and other pw managers make this super easy to use. what personal info are you really sharing with github like this?

Dad, geek, conversation liquidity provider. vrypan.net (home), /weatherxm (work), @l--o--l (fun). Also https://paragraph.xyz/@purplesubmarine

I do not use any of them, usually I only trust walletss and paper to store passwords (thinking on migrate to an old digital device wirh no Internet, so I can index them)

Will try to pass the githun 2fa and ser what they are offering in the other side.. 

anyway, still thinking microsoft should leave github as it is.

Most (all?) password managers also support 2FA these days, if you don't mind keeping 2FA + password in the same place.

Live in Colorado; TechnoGeek; Proud mother of a fey creature in the form of a cat; part time vegan, part time meat connoisseur; walker of edges.

I am not a microsoft user nor an Authy user.

Should sign up in both platforms to get access to MY code as I do rn.. (?)

Sending more data... what is more, sending more data to microsoft..

When I uploaded my code to GH was under certain conditions, now they are changing.. technichaly is a barrier betwen me & my code

I’ve had MFA enabled on all my github accounts for years. I use Authy and/or the github app for it, and didn’t give them any more personal info than without MFA would. Using it is always best security practice, on github or any other site that supports it.

There is a good for reason for secure the github account, yeah.

I am not questioning the risks but the way to solve them. 

Anyway, the time will say.. they say 99.9 of attacks would be mitigated.. this is a very high number.. so, no more accounts hacked, they solved a trillion dollar problem..

There is a good reason for enforcing 2FA. 

Getting unauthorized access to a GitHub repo from an account with admin rights is a huge security risk. 

With CI pipelines, access to GitHub often also means you can deploy malware code to production.