On Mon, Oct 28, 2024 at 10:57:55AM -0400, Kevin Cozens via talk wrote:
> Pushing and pulling code still works using existing SSH keys you have in
> place. 2FA on github is partially broken. I was forced to use it and now my
> account is so secure the only way I can get in is via a rescue key.
>
> They really want you to use a cell phone. I don't have one but github gave
> me the option of using totp. That was fine. During setup they showed me a QR
> code to scan and some long string of characters below it. I C&Ped the string
> of text in to a totp I installed on my machine from the repos of the distro
> I use. I passed the program the string of chars, got a shorter string, and
> entered that in to github and all was well, or so I thought.
>
> When I try to log in now that github is happy that I have 2FA setup github
> asks me to enter a code (that shorter string of chars). The problem is it
> doesn't show me the long string that I need to feed to my totp program so I
> can never git it the code it wants.
>
> As a result I can no longer use github as I did before. I have copied all my
> projects to gitlab. I have gone in and marked a few of my projects on github
> as archived and will be marking the rest the same. I'll be creating a new
> account on github just so I can use the bug tracking features of other
> projects as long as it doesn't again want me to set up 2FA.

The long string would be the setup code I believe.  You should only
need that once to setup TOTP.  From then on it should stay working on
your machine unless you deleted the configuration.

You do not want it to offer a new code to setup another 2FA each time
you login.  That would not make sense.

Your program for 2FA should simply display codes when run using what
was already setup, which you enter to login.  It is time based for
synchronization.

--
Len Sorensen
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk