On Fri, Apr 12, 2024 at 04:50:13PM -0500, Chris Adams wrote:
Once upon a time, Richard W.M. Jones rjones@redhat.com said:
So the problem with github is they don't allow you to have 2FA on a backup device (or rather, it *is* possible, but the process is ludicrous[1]). If you have your phone as second FA and lose it then you have to immediately fall back to the piece of paper.
I haven't seen a site with TOTP 2FA allow multiple TOTP codes, they all just store one. It's trivial to scan the TOTP code into multiple devices (depending on the software used, you can sometimes "export" a TOTP code from one device to another by showing a QR code on the first device), so that's hardly a "ludicrous" method.
I sometimes think how hard it would be to explain all of this to my mother. I don't understand why 2FA needs to be so obscure and clumsy to use.
Rich.