On Jun 14, 2021, at 5:27 PM, Tim Peters <tim.peters@gmail.com> wrote:

[Donald Stufft <donald@stufft.io>]
You can a Yubikey for like $15? or so and use that for best in class 2fa.

You can also get an app for your desktop PC that can do TOTP codes
(1Password has it built in, I’ve never used any of these applications
though).

Thanks!  Alas, it's all utter gibberish to me.  I'm going to ignore
this until GIthub refuses to talk to me ;-)

Their docs say "After you configure 2FA using a mobile app or via text
message ...", neither of which I can do. If "Yubikey" requires some
other kind of setup. their docs don't mention it.

The desktop apps I spoke of work instead of a Mobile app. 

I’ve never used these, but some googling suggests

https://www.microsoft.com/en-us/p/2-factor-authenticator/9nblggh5k7jn?activetab=pivot:overviewtab

Or 

https://www.microsoft.com/en-us/p/winotp-authenticator/9nf2rgqkx1mv?activetab=pivot:overviewtab


Might work if you’re on windows. 

There’s some for every OS though.


yubico.com lists a ballfing variety of devices, from $24.50 to $90.00.
If I buy one and plug it in, and that's the end of it, fine by me -
happy to eat the cost. But I'm not keen to waste time wrestling with
anything :-(

Sorry, the standard is called webauthn (or sometimes FIDO or U2F), and
yubikey is just the biggest supplier of them. Some information here:

https://github.blog/2019-08-21-github-supports-webauthn-for-security-keys/

 
I guess they’re more expensive than I last remembered them being. It’s been
a few years since I bought mine (or I got it on sale, I don’t remember’j. There’s
a review of some of the security keys available at

https://www.theverge.com/2019/2/22/18235173/the-best-hardware-security-keys-yubico-titan-key-u2f

Or if you like wire cutter:

https://www.nytimes.com/wirecutter/reviews/best-security-keys/