
GitHub is insisting on 2FA, with no recovery if you lose recovery keys. Does their app on the same phone help at all if the phone is lost?

Çağlar Arlı

GitHub has just insisted on 2FA, and promptly warns that if you lose your phone, you will lose your access forever if you don't have the access recovery keys. For me, this is a bigger risk than someone attacking me. I can easily envision multiple scenarios (fire, flooding) where I would lose the phone and a YubiKey at the same time. I used Authy, then added the GitHub app because they asked me to, but they are both on the phone, so it is not clear to me what possible benefit that has.

I don't mind 2FA, but everyone seems to be going out of their way to be a pain in the butt, slow down access, and then to say if you lose it, you're done? Is there any way out of this madness?

The recovery keys are in Bitwarden, which at the moment doesn't require 2FA, but if they do, then I am in an infinite loop.

I have been thinking about the problem for some time from a theoretical point of view, and I think that perhaps circles of friends who can vouch for each other, or some kind of physical thing that requires being there in person to recover. But even then, in more extreme circumstances, you're a refugee, you don't have any friends nearby, what do you do? It's a tough problem.