chiperific
commented
11 years ago I went and checked my account. Guess what I found:
Looks like they tried to brute force me, but my ninja password skills protected me!
Thanks for the great article!
Open billgathen opened 11 years ago
chiperific
commented
11 years ago I went and checked my account. Guess what I found:
Looks like they tried to brute force me, but my ninja password skills protected me!
Thanks for the great article!
billgathen
commented
11 years ago Well done, Chip!
I'm using my iPad to respond for the first time since enabling it, and the text arrived immediately. Worked perfectly and no hassle at all.
jasonrwagner
commented
11 years ago Thanks for the heads up Bill... Look what I found.
2 days ago user.failed_login: Originated from 222.89.157.83 2 days ago user.failed_login: Originated from 186.91.192.34 3 days ago user.failed_login: Originated from 186.47.231.122 3 days ago user.failed_login: Originated from 190.199.194.188 4 days ago user.failed_login: Originated from 180.183.62.122
GitHub was brute-force attacked and some account passwords were reset after being hacked. The attached article lays out what happened and why 2FA will prevent it from happening again:
https://github.com/blog/1698-weak-passwords-brute-forced
The short explanation is that each time you log in with your username/pass from a new machine, it will send you a text on the number you supply with a random code that you'll have to supply as well, to prove it's really you. Once the machine has been recognized once, you won't need the code anymore. This prevents anyone without access to your phone from getting into your account or discovering your password.
Let me know if their instructions are confusing and help any way I can, but they're a good bunch at GitHub and should have everything you need.
And yes, I've already enabled it on my account, even though it has a nice strong password. :wink: