this post was submitted on 06 Jan 2025
28 points (78.0% liked)

GitHub

124 readers
1 users here now

A community for discussion and posts relating to github https://github.com/

founded 1 year ago
MODERATORS
 

Hello dear Lemmy Community,

I have a very nice story to tell you all. I was having a blast over the last few days setting up a home server with completely open-source software. As usual, I encountered some small problems with specific apps, so I wrote two issues and one feature request on their respective GitHub pages. After a few days, I received no responses in the very active communities, but nothing too strange yet.

Today, in the evening, I used my phone to check if a specific issue had gotten any reactions by now, but I couldn’t find my issue at all. I just saw "23 open issues," and none of them were mine. After logging in, it miraculously changed to 24 open issues.

Well, after a bit more testing, it turned out I was shadow banned. After discovering that, I tried to contact their support, but I was told I need to activate 2FA via an app or phone number first. "No thanks," I thought, and went ahead to try deleting my (not so important) GitHub account. But surprise, surprise: the account deletion button was greyed out, and I was told to write their support! Which I can’t do because I don't have 2FA!

What the fuck, GitHub?!

Thanks for reading! I hope you had more fun reading this than I had experiencing it.

you are viewing a single comment's thread
view the rest of the comments
[–] Xamrica@lemmy.dbzer0.com 3 points 1 week ago* (last edited 1 week ago) (1 children)

Never took the time to properly set it up and look at it. :/ And at least with the 2FA Apps I want to properly understand them before using them, but you are probably correct.

[–] boblin@infosec.pub 13 points 1 week ago (1 children)

Standard TOTP 2FA is simple. You get a token when you enable 2FA, which you enter into the app (often there's a QR code you can scan, but it's always possible to enter it manually). The app generates a code (usually six digits) based on the token and the current time. Then when you log into GitHub you enter that code when prompted. That's it.

[–] Xamrica@lemmy.dbzer0.com 5 points 1 week ago* (last edited 1 week ago) (2 children)

Thanks for the explanation and I was just starting to look into them myself and I have to say, they look good, simple and private. Any recommendation for an local 2FA App with automatic local backups? Currently looking at Aegis

[–] boblin@infosec.pub 8 points 1 week ago

Aegis is popular and will serve the purpose.

[–] Kissaki@programming.dev 4 points 1 week ago (1 children)

As an alternative to 2FA (mobile) apps, you can also use password managers like KeePass. They (or some of them) support 2FA/TOTP.

[–] Xamrica@lemmy.dbzer0.com 3 points 1 week ago

Oh, nice! Thanks for pointing that out, I never noticed it before. Since I’m already using KeePass, that will be the way to go for me.