Tags: github, oauth, two-factor-authentication, github-oauth

Can I use a hardware OAuth device for 2FA for GitHub?


I have two hardware tokens that generate pseudo-random six-digit codes for two-factor authentication schemes: an RSA SecurID and a Gemalto. I also have a Yubico key that plugs into the USB bus. Can any of these be used to provide the two-factor authentication that GitHub will require by the middle of 2021? Can anyone point me to the directions for how to set this up?

I prefer to use one of these devices because I believe that they're more secure than the apps, and I already own them and use one of them for authentication with AWS.

Thanks for your advice and suggestions.


Solution

First of all, GitHub isn't requiring that users use 2FA, as far as I'm aware. They're requiring that users switch from authenticating to Git using just a plain password to using either an SSH key or a personal access or OAuth token for HTTPS. These are the same requirements as for users that currently have 2FA set up, since plain passwords are not allowed over HTTPS for those users.

However, I do strongly recommend 2FA (as, of course, does GitHub). You can't use a hardware token that generates a six-digit code as far as I'm aware. You can use any WebAuthn device that supports FIDO2, like a YubiKey (which you said you have), Windows Hello, or TouchID, or you can use a TOTP app from your phone.

If you want to set up 2FA, then you can go to https://github.com/settings/security and set up the devices there. There's also a helpful link that points you to the documentation. I've personally set up two YubiKeys and a TOTP app, since the latter is a little easier to deal with in recovery situations.

Note that once you do that, you'll need to use a personal access token instead of your password when using Git over HTTPS. You can follow the directions outlined in the Git FAQ to reset your credential manager and then, when prompted for the password by Git, enter your token. Your username can remain the same.