Hello dear Lemmy Community,

I have a very nice story to tell you all. I was having a blast over the last few days setting up a home server with completely open-source software. As usual, I encountered some small problems with specific apps, so I wrote two issues and one feature request on their respective GitHub pages. After a few days, I received no responses in the very active communities, but nothing too strange yet.

Today, in the evening, I used my phone to check if a specific issue had gotten any reactions by now, but I couldn’t find my issue at all. I just saw “23 open issues,” and none of them were mine. After logging in, it miraculously changed to 24 open issues.

Well, after a bit more testing, it turned out I was shadow banned. After discovering that, I tried to contact their support, but I was told I need to activate 2FA via an app or phone number first. “No thanks,” I thought, and went ahead to try deleting my (not so important) GitHub account. But surprise, surprise: the account deletion button was greyed out, and I was told to write their support! Which I can’t do because I don’t have 2FA!

What the fuck, GitHub?!

Thanks for reading! I hope you had more fun reading this than I had experiencing it.

  • Xamrica@lemmy.dbzer0.com (OP) · 3 upvotes · edited · 3 days ago

    Never took the time to properly set it up and look at it. :/ And at least with the 2FA Apps I want to properly understand them before using them, but you are probably correct.

    • boblin@infosec.pub · 13 upvotes · 3 days ago

      Standard TOTP 2FA is simple. You get a token when you enable 2FA, which you enter into the app (often there’s a QR code you can scan, but it’s always possible to enter it manually). The app generates a code (usually six digits) based on the token and the current time. Then when you log into GitHub you enter that code when prompted. That’s it.

      • Xamrica@lemmy.dbzer0.com (OP) · 5 upvotes · edited · 3 days ago

        Thanks for the explanation. I was just starting to look into them myself and I have to say, they look good, simple and private. Any recommendation for a local 2FA app with automatic local backups? Currently looking at Aegis.

        • Kissaki@programming.dev · English · 5 upvotes · 1 downvote · 3 days ago

          As an alternative to 2FA (mobile) apps, you can also use password managers like KeePass. They (or some of them) support 2FA/TOTP.

          • Xamrica@lemmy.dbzer0.com (OP) · 3 upvotes · 3 days ago

            Oh, nice! Thanks for pointing that out, I never noticed it before. Since I’m already using KeePass, that will be the way to go for me.