Posts: 1,469
Threads: 57
Joined: Jul 2012
Thanks: 66
Given 127 thank(s) in 108 post(s)
05-09-2015, 06:33 AM
(This post was last modified: 05-09-2015, 06:34 AM by bearbin.)
I noticed on the GitHub organisation page that I was the only member of the "Owners" team with two-factor authentication enabled.
I think that to improve security of the organisation and hopefully prevent any sort of hacking/defacement we should make all owners enable 2FA.
If not enforcing this, could you please at least consider enabling 2FA on your own account?
Posts: 1,469
Threads: 57
Joined: Jul 2012
Thanks: 66
Given 127 thank(s) in 108 post(s)
It means that you have to have a secondary authentication code to log in, yes.
Basically that means that either they can text you or you can install an app on your phone that generates codes on demand.
It means that an attacker would not just have to know your password, but also to have control of your phone (or tablet, etc.) to get the code.
Posts: 4,634
Threads: 115
Joined: Dec 2011
Thanks: 695
Given 495 thank(s) in 424 post(s)
Okay, but what if my phone breaks? Can't I log back in then?
Posts: 1,469
Threads: 57
Joined: Jul 2012
Thanks: 66
Given 127 thank(s) in 108 post(s)
Yes, you can log back in because you can generate backup codes and keep them safe, and if your phone breaks you can use one of them.
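To make the two mechanisms discussed in this thread concrete, here is an added example (not from any poster, and not GitHub's own code) of how a server can check app-generated codes and single-use backup codes. It assumes the authenticator app implements standard TOTP (RFC 6238); the `SecondFactor` class and its method names are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SecondFactor:
    """Hypothetical server-side check: TOTP code or single-use backup code."""

    def __init__(self, secret: bytes):
        self.secret = secret      # shared with the phone app at enrolment
        self.last_step = -1       # highest time step already accepted
        self._hashes = set()      # hashes of unused backup codes

    @staticmethod
    def _h(code: str) -> bytes:
        return hashlib.sha256(code.encode()).digest()

    def issue_backup_codes(self, n: int = 10) -> list:
        # Shown to the user once; the server keeps only the hashes.
        codes = [secrets.token_hex(5) for _ in range(n)]
        self._hashes = {self._h(c) for c in codes}
        return codes

    def verify(self, code: str, now: float, step: int = 30) -> bool:
        current = int(now) // step
        # Accept the current step and one step back to tolerate clock drift.
        for s in (current, current - 1):
            expected = totp(self.secret, s * step, step)
            if s > self.last_step and hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = s  # a code cannot be replayed once used
                return True
        h = self._h(code)
        if h in self._hashes:       # backup code: valid exactly once
            self._hashes.discard(h)
            return True
        return False
```

The password alone never produces a valid code because the code depends on the secret held by the phone, and each backup code stops working after its first use.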