All, Github is forcing 2FA (two factor authentication) beginning Oct 12 for accounts that make contributions to other repositories or otherwise contribute. Why a goofy algorithm from my computer is better than my 2048 byte RSA key doesn't make much sense. (though likely a way to dupe users into providing a mobile phone number that can be monetized) If you find yourself having to come up with 2FA codes, then there are a few apps that do it without involving your phone. Commandline: The "oath-toolkit" package provides the oathtool command line utility to generate the timed one time passwords given the secret key you are assigned from the site: $ oathtool --totp --base32 KEY (the options needed depend on the key format) where KEY is the secret key you were given. If you have a number of sites, you can create a short script to read the key from a file which is fairly convenient. With a little thought you can have the function accept a filename or key. GUI App: keepassxc has a totp function and allows assigning the secret key to each entry in your password database. (rather odd interface done though the context menu - Right-click -> TOTP -> Set up TOTP, add your key, then you can open a window to see the timed one time password to use) After you configure it, you can just double-click the little timer icon next to the entry to copy to the clipboard (nice touch, somebody had their thinking cap on...) Phone: It kills me, but the google-authenticator is about a well recommended as anything else. You can use it without a google-account. Just add your key and it spits out the timed one time password. Summary: Another solution just looking for a problem to solve, but at least there are tools to combat the latest unwanted "feature" of the web. -- David C. Rankin, J.D.,P.E.