GitHub requires 2FA; here is an easy way to keep OTP

3 min read Original article ↗

Recently, GitHub announced that all users will be required to enable two-factor authentication (2FA) by the end of 2023.

github-announce

As GitHub's chief security officer Mike Hanley said, the software supply chain starts with the developer, and protecting developer accounts helps secure the supply chain.

With 2FA enabled, when logging in to your GitHub account, you have to enter your password as well as providing other factors like OTP. It can help prevent your accounts from being stolen due to password leakage.

Enable 2FA

So here's a question, how to turn on 2FA for GitHub?

It's a piece of cake. ID Guard Offline app can help.

1. Open the 2FA settings page
  • Log in to your GitHub account on the desktop webpage -> “Settings” -> “Password and authentication” -> “Enable two-factor authentication”.
2. Set up 2FA using the app
  • "Set up using an app" -> "Continue", you will see a QR code.
  • Open ID Guard Offline on your phone -> view and edit your GitHub account -> tap the scan code icon of the One Time Password -> scan the QR code on the desktop.
  • Fill in the 6-digit passcode in the input box below the QR code -> "Download", save the recovery codes -> "I have saved my recovery codes", Done.

That's all. Your GitHub password and OTP are well protected by ID Guard Offline.

You can also save more account security information like recovery codes together!

BTW, ID Guard Offline supports backing up and restoring all data, including OTP.

protection-concept-with-lock

Fill in OTP

Feel troublesome entering your password and OTP to sign in?

Please use Autofill to enjoy all the convenience.

Demonstration speaks louder than words. 👇

  • Desktop webpage
  • App on iOS
  • App on Android

Autofill security

Does that convenience lead to security threats?

Of course NOT. Safety always comes first.

  • Authenticate to unlock

Every time you use Autofill, you must authenticate with your biometric or master password to unlock the app.

Even if you temporarily lend your phone to someone else, you don't have to worry about them abusing Autofill to sign in and spy on your accounts.

  • End-to-end encryption

e2ee

After you scan the QR code to confirm filling, your password, OTP, and so on will be encrypted on your mobile app first, then sent to the cloud server via a mobile browser, and finally arrive at the extension to be decrypted and filled in.

Data remains encrypted throughout transmission. Neither hackers nor our employees can peek at your data.

Here to learn more 👉 End-to-end encryption is more secure than HTTPS

extension-arch

  • Anti malicious fraud

ID Guard Offline Autofill can identify fake apps, display the requested information, automatically match the filling account, etc.

It can prevent malicious apps or websites from defrauding your password with hidden password boxes, forged login interfaces, etc.

Take a look at this post 👉 Advanced Phishing Detection