![]() ![]() To access your account from within Visual Studio Code you will first need to create a personal access token. The next time you logon to Github you will be requested to enter a 6 digit Verification code from the Google Authenticator app. In the Authenticator app, find the new entry for Github and enter the six digit Verification code into the text field and then click on ' Enable'ĢFA is now successfully enabled, you should be prompted as shown below: On your phone, open up Google Authenticator and scan the QR code provided on the next page. Personally I like to use a password keeper to store these, links to Lastpass, 1Password and Keeper are provided at the bottom of the page if you wish to install and use one of these (see sreenshot below). On the next screen, take a copy of the recovery codes provided. Go to ' Security' and then click on ' Enable two-factor authentication' All other install options are set to the defaults. ![]() Visual Studio Code has been set as Git's default editor.Microsoft Visual Studio Code is installed.A Mobile Phone with Google Authenticator installed, see the link here (or search in Android/IOS app store if the link is no longer valid).This post details how I set up my environment to accomplish this task. Setting up Github with 2FA using Google authenticator is simple and documented online, however setting up 2FA with Microsoft Visual Studio Code is not as straight forward. SMS is supported but discouraged – as Paine and Singhal point out, it's no longer recommended under NIST 800-63B.If not already, at a bare minimum, you should be using 2FA (Two Factor Authentication) with all the things. Developers can use TOTP, SMS, security keys, or GitHub Mobile as their preferred 2FA method, and can have a second method as well. GitHub has expanded the 2FA options available and made an effort to ensure there are workable account recovery options, such as the ability to disconnect email accounts from 2FA-locked GitHub accounts. And 28 days after implementing 2FA, enrolled developers will be asked to validate their 2FA setup as an additional check. Users, once they initially try to log in post-deadline, will have the ability to postpone activation for up to a week but after that account access will be limited for the non-compliant. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |