What PII? You store a TOTP secret on your <device>.... It's less PII than an ssh... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		stephenr 15 days ago \| parent \| context \| favorite \| on: GitHub now requiring 2FA for all contributors,what... What PII? You store a TOTP secret on your <device>.... It's less PII than an ssh public key because it's literally just a random string, that they generated, and you only need it for the web UI. So please tell me how the Americans are going to track and identify you through a fucking TOTP secret.

bjourne 15 days ago [–]

My phone number dumbo.

stephenr 15 days ago | [–]

Why would you use a phone number for 2FA. It's like saying you only use md5 hashing for passwords.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact