3

I have no smartphone and I only carry my cheap dumbphone when I know I might actually need it to contact someone (ie. approximately never). Generally speaking, I have no phone I'd use as a trusted device.

I do have a YubiKey Neo and a laptop.

GitHub's 2FA appears to require a trusted SMS-capable phone in order to even start configuring it.

  • Is there any way to bypass this requirement?
  • Is there a good reason for this requirement? 'Everyone has one' is, as already indicated, not a good reason.
Alex Davidson
  • 337
  • 1
  • 10
  • `Is there a good reason for this requirement? 'Everyone has one' is, as already indicated, not a good reason.` Everyone they care about being able to access their product has one? – kylieCatt Jun 17 '16 at 20:09
  • That's a good reason, yes. :P Still very irritating... vaguely interested in whether it's a conscious business decision or a mere assumption. I consider the former acceptable, but the latter reprehensible. – Alex Davidson Jun 17 '16 at 20:12

1 Answers1

2

Per GitHub, "You must have already configured 2FA via a TOTP mobile app or via SMS," in order to configure FIDO (YubiKey's standard) 2FA.

TravisEz13
  • 2,263
  • 1
  • 20
  • 28