and near the end a cat in hand
video - https://twitter.com/DefenceU/status/1693922011951542408
GitHub got worse! "GitHub users are now required to enable two-factor authentication as an additional security measure. Your activity on GitHub includes you in this requirement. You will need to enable two-factor authentication on your account before October 05, 2023, or be restricted from account actions."
That's kind of a good thing, not a bad thing…
I just got that 3 hours ago.
Things are worse for me as GitHub doesn't accept Chinese phone numbers - so I'm bound to use some authenticators that I've never heard of before.
Where do you get that notification?
You should just be able to use something like Authy or Microsoft Authenticator
Thanks!
It went well.
Although, I'm still anxious about all of the workload (it ain't that hard as I know a decent amount of Japanese for a beginner).
But between keeping a high GPA (I got into a good college that I applied to and I qualify for a 14 grand scholarship) and my perfectionism (OCD has a lot to do with it, I bet), it's hard to realize how fun the experience really is.
According to GitHub, this enforcement only applies to those who "contribute codes".
I don't know whether you'll still get the email if you already enabled 2FA, but you probably will.
And if you don't, maybe they thought that you don't "contribute codes".
With the flagging of another site (turnout.app) by Google Safe Browsing, I have detected a pattern that occurs in those flags (unsure if it's been mentioned before): login/signup pages as an index page.
Websites which have a login page as their index are almost immediately flagged by Google Safe Browsing; nearly every case I have seen reported on this forum is a site that had a login page as its index. I'm not sure if Google does this for all sites like this, or if they only flag sites run on free hosting (because they might be considered easy targets for spammers, who usually set up deceptive sites with login pages as an index to serve totallyfacebook.notascam.tld as iframes or similar methods).
OH NO
lol
sorry, this was very elementary for me
Why oh no?
These sites also have a higher tendency to violate TOS as well
"But some files could not be lost"
some files could not be lost
*recovered? Because they're already lost…
Yup I never contribute to a repository.
A sad faith
That is a risk, yes, but remember that not every vulnerability is the same. I've seen CVE reports of "critical" vulnerabilities that either are impossible to exploit because the required scenario is impossible to reproduce, or even things that are just expected behavior of software.
Using EOL software adds risk, but doesn't inherently create security vulnerabilities.
I've seen people being super picky about EOL dates and not using unsupported software, but then being lax in actually staying up to date with security patches.
I won't say I agree with iFastNet's decision here, but I can understand their reasoning.
Oh, no, GitHub cares about the security of projects they host, and the people and projects that depend on them! What a tragedy!
No, you're not.
GitHub offers various authentication options:
- SMS (which is an option for you it seems).
- Authenticator app (uses standard TOTP).
- Security keys (hardware tokens like Yubikeys).
- GitHub Mobile (their own app).
You can just use any TOTP you want, you don't have to use any specific one. GitHub provides some recommendations (I assume), but doesn't mandate any specific one. You can use Authy, Aegis, Google Authenticator, or use the TOTP features of your password manager (Bitwarden, LastPass, KeePass all have it).
And if you never heard of any TOTP authenticator, then I strongly recommend picking one up. TOTP is supported almost everywhere, is much easier to use (IMO) and much more secure than using SMS authentication.
And if you really don't want to use an external app, you can just use GitHub's own app instead.
The InfinityFree client area also exclusively supports TOTP for authentication, so you can use any authenticator app you want.
I was sure that only accounts on the .98 and .116 IPs were affected. Until proven wrong.
Fixed now.
Well, according to my own experience, it is not this simple.
The GitHub 2FA options are somehow categorized into 2+2: 2 "Main methods" and 2 "Extra methods". You can only select "Main methods" when you first set up 2FA, which are:
- TOTP Authenticators.
- SMS.
Only after you have enabled 2FA will the rest, the "Extra methods", be available to you.
While
So SMS was clearly not an option for me, that's why I said
I do admit I was a bit too certain - anyways I've already signed up for Microsoft Authenticator and GitHub is happy
Also, my experience could be wrong or incomplete.
I use Authy as main authenticator, then when apps (or my modem) requires me to be bound to a specific authenticator, I use the authenticator it requires me to bind with, except for Google which seems to support other TOTP authenticators as well.