GitHub requiring 2 Factor Authentication after 6 OCT 2023

GitHub is requiring 2 Factor Authentication to log in after 6 OCT 2023.

SUBTITLE: Two factor authentication without a phone.

2FA is Great if you have a cellphone. I do not.

Can anyone suggest desktop utilities to use 2FA to log into GitHub without a phone ?

I prefer reputable well known software companies to some unknown Joe publishing a Win App.

So far what I have tried has led to dead ends or so much information I get a headache trying to figure out what is needed. By this I mean I can myself search for Apps, install them … only to find that a phone number is required.

UPDATE: Any kind of phone is not a solution for me. Please do not point me to an App unless you know it does not require a phone number or a cellphone.

On a quick read though it looks as though you can also use text msg to perform the 2FA step. Would that work for you?

How will I get a text message without a cellphone ?

Ah sorry you were quite specific about a smart phone. I remember before the ubiquitous (or nearly so) smart phones we had dumb cell phones that did talk and text (and snake) and that was pretty much it.

Any 2FA should have an option or a Yubi key or similar but that doesn’t seem to be the case here. I look forward to hearing how you resolve the issue.

Google Voice might be an option for you. You can receive texts on phones or web browsers.

Dan, did you find a good solution to your Github two factor authentication needs? I have the same needs.

Not yet. Today I had to click a “Remind me again tomorrow” button to get it.

I would get a cheap phone, there are phones without any internet connection or special features, just calling and messaging, I got one for 20 euros in mediamarkt(Germany) but I’ve seen cheap ones on best buy(Miami) as well.

Getting a phone and paying a monthly bill is not part of the solution.
It has to do with both medical and financial reasons. Period.

Try the Yubikey desktop totp app

They produce hardware for this kind of thing - though you may be able to use it to generate TOTP codes without one.

I just enabled two factor authentication and selected the alternative method at the bottom of the security section. I added my Google Voice number for SMS and can confirm that I received a code (in web browser) and was able to login (copy ‘n’ paste).

The Google Voice sign up portal, at the chose phone number step, says:

You must have an existing US-based mobile phone number to qualify.

As said, I do not have nor want to maintain a cell account merely for the purpose of logging into GitHub.

But for those readers that do, this could be an easy way for them. Just not me.

You can get a phone without having to pay a monthly bill for a plan, there are prepaid options, you just have to make a recharge once a year to be able to receive messages and calls if you don’t want to lose the number, it’s not necessary to recharge unless you want to make calls or send messages.

Listen. Thanks for weighing in, but I do not want a cellphone. Getting a phone is not the problem.
My dad has several late model Android smart phones that I could use, if I wanted a cellphone.

Again, I do not want a cellphone just to log into websites like GitHub.

It’s not a one time cost. And the phone needs to be kept changed. (I do not need any more device chargers in my life.)

I installed the Yubi Authenticator app, and the first thing it said was “Insert your YubiKey”.

It looks like getting a USB-C dongle FIDO2 key is the best and most secure solution. The list at:
Microsoft Entra passwordless sign-in | Microsoft Learn
… seems to indicate that Feitian, Yubico, and Thetis (in this order) are top of the list (quality-wise).
Prices range from 28 to 75 dollars US.

UK based here so I’m not sure if this will work for your country but you always used to be able to send a text message from a cell phone to a standard “landline” phone.

In the early days of cell phones, when we were all younger and immature, you used to be able to text obscene messages to your friends house-phone and an automated robotic voice would read the text out.

Not sure if this is still the case, or even if it would work in your country but perhaps asking a friend to try sending a text from their cell to your house/desk number?

I realise this isn’t the best solution but it may(slim chance) just work.

A phone (any kind) is not a part of the solution for me.

FYI, the landline phone is 2 rooms away and is a family phone, not a personal phone and has an answering machine connected. It is in the family room where others watch TV. The last thing TV watchers want is the phone ringing every time I’m logging into websites in my room.

Sorry Dan. I thought it was possible to get a GV number with a landline or cell number and then disconnect the phone used to get the GV number. This seemed like a cell phone free way of getting a number since it works in browsers.

That’s becoming a quickly recognised standard - so it might be worth an investment.

Authy do a desktop app - maybe give that a try and see if you can set that up without needing the phone version

@DanRathbun

I’ve had GitHub 2FA set up for a while (via SMS), does the Authy app work? On the GitHub 2FA setup page, I noticed reference to

Authenticator app
Use an authentication app or browser extension to generate one-time codes.

I’ve used Authy for a forum, never tried it with GitHub…

I have not tried Authy, yet. I looked through the guides on it’s webpages and they all seemed to show using a cellphone.

Re, apps, I am weary of trying them, installing them only to find they need a cellphone of a pluggable dongle key.
It gives me a headache reading all this stuff and trying multiple apps.

The weird thing is none of brick and mortar stores I tried carry dongle keys in stock. Some of their webstores do (even Walmart Online). Even the techs in the stores have never heard of them.

From what I read about the external FIDO2 key would not need me to type in a “magic” number. I think I would prefer this most.