I wonder what's the absolute minimum TOTP 'second factor' implementation I can put together for Github's stupid mandate that I must have MFA in order to file bug reports. There's at least one Go TOTP CLI program that stores secrets unencrypted, so that's probably it. (Github will not require that I use MFA when pushing code via SSH, just when I log in on the website. The only time I log in on the website is to make issue reports in other projects.)
