I will recommend `pass` too, and recommend installing passmenu ( https://git.zx2c4.com/password-store/tree/contrib/dmenu/passmenu). It uses dmenu to show the entries to pass on a hud-like fashion, so you wire it to a hotkey (I use ctrl-alt-p), and it makes your life easier. This video (https://www.youtube.com/watch?v=_rd4CeDgdF8) is a great, short tutorial on how to set pass and passmenu. Mauro https://www.maurosouza.com - registered Linux User: 294521 Scripture is both history, and a love letter from God. On Mon, Oct 28, 2024 at 12:54 PM Lennart Sorensen via talk <talk@gtalug.org> wrote:
On Mon, Oct 28, 2024 at 10:57:55AM -0400, Kevin Cozens via talk wrote:
Pushing and pulling code still works using existing SSH keys you have in place. 2FA on github is partially broken. I was forced to use it and now my account is so secure the only way I can get in is via a rescue key.
They really want you to use a cell phone. I don't have one but github gave me the option of using totp. That was fine. During setup they showed me a QR code to scan and some long string of characters below it. I C&Ped the string of text in to a totp I installed on my machine from the repos of the distro I use. I passed the program the string of chars, got a shorter string, and entered that in to github and all was well, or so I thought.
When I try to log in now that github is happy that I have 2FA setup github asks me to enter a code (that shorter string of chars). The problem is it doesn't show me the long string that I need to feed to my totp program so I can never git it the code it wants.
As a result I can no longer use github as I did before. I have copied all my projects to gitlab. I have gone in and marked a few of my projects on github as archived and will be marking the rest the same. I'll be creating a new account on github just so I can use the bug tracking features of other projects as long as it doesn't again want me to set up 2FA.
The long string would be the setup code I believe. You should only need that once to setup TOTP. From then on it should stay working on your machine unless you deleted the configuration.
You do not want it to offer a new code to setup another 2FA each time you login. That would not make sense.
Your program for 2FA should simply display codes when run using what was already setup, which you enter to login. It is time based for synchronization.
-- Len Sorensen --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk