this post was submitted on 19 Aug 2023
145 points (98.0% liked)

Open Source

31366 readers
162 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

If proprietary app is better and more robust I am willing to try it and assess it myself.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (4 children)

I know it is an unpopular opinion, but it is a huge headache in general. I don't think the theoretical benefits (which make total sense) actually pay off in reality and are worth the extra headache. I'm not saying they should not have it at all, but it should be at least opt-out instead of forced.

In the case of github, I think it is part of their long drawn out plan of data collection and proprietary lock down. Next they are going to require your house address and government ID. I feel better using an free and open source platform anyway.

[–] [email protected] 2 points 1 year ago

How exactly could a site collect more of your data through 2fa?

[–] [email protected] 1 points 1 year ago

Well, if you use a password manager such as bitwarden you can store your 2FA one ctrl-v away. Even if this is a less secure setup, that still prevents someone eavesdropping on your password from reusing it.

[–] [email protected] 1 points 1 year ago

Unless you clear cookies constantly, you need to login just once in a while, where is this huge headache? Password get stolen, 2FA protect you from that.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Where does this even come from, passwords are increasingly insecure and adding another factor, especially authenticator codes, doesn't even require you to give up a single new piece of personal information. The entire thing is just adding a local code that your program of choice remembers and uses to generate the one-time password. No data collection, no proprietary software. Other areas might be doing bad shit for all I know, but this change is entirely a forced security measure because people are too bad at passwords.

After seing the frequent attempted logins on my Microsoft account, I'm "just" a lucky guess away from losing it if I do not have another thing blocking access.