Just wondering what people are using to meet the 2FA requirement GitHub has been rolling out. I don’t love the idea of having an authenticator app installed on my phone just to log into GitHub. And really don’t want to give them my phone number just to log in.

Last year, we announced our commitment to require all developers who contribute code on GitHub.com to enable two-factor authentication (2FA)…

  • rcbrk@lemmy.ml
    link
    fedilink
    English
    arrow-up
    4
    ·
    5 months ago

    As in “Hi PhoneCompany, I’d like a mobile plan with you. Yes, I’d like to bring my old phone number over to the new account.”

    Or “Hi PhoneCompanySupport, I’m @thingsiplay and i lost my sim, plz send me a new one. BTW my new address is …”

    Ideally it shouldn’t happen, but phone company security is pretty slack sometimes,

    • thingsiplay@beehaw.org
      link
      fedilink
      arrow-up
      3
      ·
      5 months ago

      That’s a big far fetched from reality, just to build an anti argument. I don’t know where you live, but in Germany this cannot happen. You can’t just order a sim to any address and use the phone number of you wish. You have to provide with 100% certainty that you are the owner of the sim card, as every new registered card/number has to provide your goverment id and your personal signature. Also taking old phone number to new account can only happen, if you provide proof you owned it in the first place.

      If you know any case (here in Germany) someone could steal the phone number like you just described, please provide a link. This would be a huge security issue that should not be possible to happen. Nobody in the world can do that to my phone number and I think you just fabricate something that is not possible in Germany.

      • rcbrk@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        Ah, that’s good then.

        In Australia you really only need a name and date of birth and ID such as a passport or driving license number of the owner. No physical or even photographic proof. Some phone companies send the original sim a notification before moving it, but no response is required and moving the number often only takes 10~30mins.

        Banks in Australia commonly use sms codes as 2fa.

        A large percentage (20~30%?) of adult Australians have had their ID details leaked in recent years because there are no adequately enforced security requirements or data-retention limits. One of the largest breaches was the second largest mobile phone provider…

        • thingsiplay@beehaw.org
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          I see. Off course I only speak from my environment. Even if ID details would have leaked, it should be impossible for someone to get my phone number, even if the person knows my name and phone number and any ID details.

          It’s actually quite hard to get authenticated for a new phone number in my opinion. In example last year I setup this new number and at first try it did not work, without giving any reason that could give a hint. I ended up buying a different prepaid sim card and the process was the same: go to bank, and do all the shenanigans and dance.

          BTW sorry for my previous inflammatory language; I get heated up pretty quickly. And you stayed cool.

          • rcbrk@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            No worries. The situation I was describing is indeed absurd and defies reasonable expectations.