I've given up on using GitHub. Nothing else I use requires 2FA, I don't have a smart phone, and figuring out an alternative just to post bug reports is a waste of my time, so I've taken to emailing the developers instead.
The complete lack of consistency in MFA requirements just show no one knows what the fuck they're doing.
DoorDash: Every time I need to enter an SMS code.
UberEats: Same thing, SMS code every time.
Grubhub: No MFA ever. Wonderful.
Twitch: Every couple days I need to enter a code sent to my email (because I won't give them my phone number which they really really want me to give them).
Reddit: no MFA requirement...for now. Given how fucking garbage they've become I wouldn't be surprised if they start enforcing it soon.
Amazon: no MFA requirement despite sometimes asking.
GitHub’s 2FA gives you the option to use SMS. But even for the authenticator method you don’t need a phone, most decent password managers nowadays support saving (and auto-filling) 2FA tokens.
There’s also the option to print/write down the one-time codes. Though the latter would admittedly be a bother if you log out frequently.
Sure, but I don't like any of those options. I don't want Microsoft to have my phone number, I have like 15-20 logins, which is small enough to keep on paper [1], so I have no password manager, and I always logged out of GitHub since I generally log in to things via a private window.
I really, really don't like being tracked, "filed, stamped, indexed, briefed, debriefed, or numbered", so avoid accounts as much as possible, and all the more so from megacorporations.
[1] Correction: I originally said 10-15 but I remembered a few that are in the Firefox password manager, like archive.org.
