Disable insecure legacy MFA methods #133944
Unanswered
k12-sysadmin
asked this question in
General
I have no use for legacy, insecure methods of authentication such as TOTP codes or SMS text messages, but GitHub will not allow me to disable both of those methods. It seems to require one of these weak methods always be enabled.
I primarily log into GitHub's web GUI with a Passkey (which is stored on a hardware security key). I use git command-line tools exclusively with an SSH key (which is also stored on a hardware security key).
My main security key is always with me, and my recovery code and a second security key are safely stored in a physically secure location. I know how to manage an account with strong authentication and not get myself locked out; I have had my Google account enrolled in the Advanced Protection Program for quite some time. I don't need my level of security dumbed down for me. I assume most people using a platform like GitHub are in the same boat with me in that regard.
GitHub, please let us remove legacy authenticators from our accounts!