I just received an email from Github that they are now ofically begin to require users who contribute code need to have 2FA enabled.
Why isn’t password + email already sufficient? Why do I need to use a third FA to satisfy their requirements? Is it reasonable to feel stumped or angry about it?
Would like to hear your thoughts about this.
Use an open source 2FA which lets you export
You can store your recovery codes as files in KeepassXC
Sounds like a good approach