I personally am fine with this.

  • NekuSoulA
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Normally you get a handful of recovery codes when you set up 2FA. If not, you can just create a backup of the QR-Code or secret when setting up 2FA and store it in a safe location. And even if all that fails there’s usually a way to recover an account by going through support.

    Although I wouldn’t recommend it, there’s also 2FA apps out there that have cloud-sync.

    • argv_minus_one@beehaw.org
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      edit-2
      1 year ago

      It’s pretty hard to hand-write a QR code, I don’t wish to pay the printer cartel $50 for the privilege of printing it, and it would of course be horribly insecure to print it with someone else’s printer.

      And how would I use the QR code? I can’t scan it with my phone’s camera because allowing my phone access to my GitHub account is a security risk, and I can’t scan it with my desktop because it doesn’t have a camera.

      So, how is this going to work? How do I recover my GitHub account without making it less secure than it is with just a password?

      • NekuSoulA
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Is this some kind of joke that’s going over my head?

        If not: The QR code alone doesn’t give you access to the account. That’s the entire point of 2FA. Plus, you always get a ~20 character code that can be backed up instead of the QR code. Screenshots are also a thing.