Hacker News new | comments | show | ask | jobs | submit login

I don't think either would help in this situation. HSTS helps prevent SSL stripping attacks, which whoever is denying SSL access to GitHub doesn't need to bother with.

2FA serves as an annoyance to phishers, but whoever is doing this network attack has direct access to your session cookie.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact