
> So you are ok with 2FA, right?

Yes. Are you not? It's one of the most effective measures to prevent a whole class of supply chain attacks. On GitHub the 2FA is also flexible enough to allow non-hardware passkeys, so you can choose a privacy-preserving option with good UX.



Last I looked a couple of years ago, GitHub 2FA has a lot of shoddy gotchas actually. There are a handful of GH issues on it with tons of comments.

For example, it was impossible to remove/delete a phone number 2FA, even if you registered multiple other 2FA sources like security keys.



