On March 13, we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Read on to learn about what the process entails and how you can help secure the software supply chain with 2FA.
Like why on earth do I need two different authenticator apps on my phone (authy&google authenticator)?
you… don’t?
Both of these implement exactly the same protocol (TOTP). Used authy for all my Top Of The Pops Time-based one-time password needs exclusively, before moving everything to bitwarden
Unfortunately there are some websites that require Authy (probably because Authy wined and dined some business executive). I absolutely loathe these sites but if it’s a site you’re not willing to live without, you’re stuck with having Authy plus your main 2FA app.
which ones are that? I’d love to check, because afaik, they have a feature that enables push-2fa via authy, but should generally work on other apps as well
Sendgrid’s only options for 2FA are Authy (their proprietary token generation, no option for TOTP) or SMS. Tried signing up the other day and was surprised to find no option to use standard TOTP.
Are you sure that you can’t use a different TOTP generator? There’s a difference between telling you to use Authy and still being able to use a different app
Yes I’m sure, hence why I specifically mentioned that. Try the sign up procedure yourself. It REQUIRES 2fa and it has to be Authy’s non-standard token or SMS. No option for regular TOTP.
thx. just making sure. I already saw a lot of people annoyed about a specific app, just because that was the one being advertised, but in the end it was TOTP
Well the good news for you is that a website specifying one or the other is nothing more than marketing from that app maker! So long as there is a QR code (or a long random-ish string), you can use any authenticator app that supports that website’s 2FA algorithms!
That last bit is important because I think Lemmy had a non-standard 2FA algorithm (SHA-256?) that wouldn’t work with Google Authenticator.
Lemmy works with Google Authenticator, but not with Authy.
Annoyingly Authy fails silently and ignores the part of the code that specifies SHA-256 and just generates a SHA-1 code that won’t work with no warning or indication to the user.
you… don’t?
Both of these implement exactly the same protocol (TOTP). Used authy for all my
Top Of The PopsTime-based one-time password needs exclusively, before moving everything to bitwardenUnfortunately there are some websites that require Authy (probably because Authy wined and dined some business executive). I absolutely loathe these sites but if it’s a site you’re not willing to live without, you’re stuck with having Authy plus your main 2FA app.
which ones are that? I’d love to check, because afaik, they have a feature that enables push-2fa via authy, but should generally work on other apps as well
Sendgrid’s only options for 2FA are Authy (their proprietary token generation, no option for TOTP) or SMS. Tried signing up the other day and was surprised to find no option to use standard TOTP.
https://docs.sendgrid.com/ui/account-and-settings/two-factor-authentication
Are you sure that you can’t use a different TOTP generator? There’s a difference between telling you to use Authy and still being able to use a different app
Yes I’m sure, hence why I specifically mentioned that. Try the sign up procedure yourself. It REQUIRES 2fa and it has to be Authy’s non-standard token or SMS. No option for regular TOTP.
thx. just making sure. I already saw a lot of people annoyed about a specific app, just because that was the one being advertised, but in the end it was TOTP
websites explicitly said to get one or the other so I did.
Well the good news for you is that a website specifying one or the other is nothing more than marketing from that app maker! So long as there is a QR code (or a long random-ish string), you can use any authenticator app that supports that website’s 2FA algorithms!
That last bit is important because I think Lemmy had a non-standard 2FA algorithm (SHA-256?) that wouldn’t work with Google Authenticator.
Lemmy works with Google Authenticator, but not with Authy.
Annoyingly Authy fails silently and ignores the part of the code that specifies SHA-256 and just generates a SHA-1 code that won’t work with no warning or indication to the user.
that’s good to know. I’ll just switch everything over to google authenticator then.