GitHub Community
2FA: GitHub is no longer a place for everyone from everywhere. #66680
Replies: 6 comments
-
|
Agreed |
Beta Was this translation helpful? Give feedback.
-
|
This required 2FA nonsense needs to be rolled back. 2FA is NOT more secure than a good password. |
Beta Was this translation helpful? Give feedback.
-
|
I contacted support and in essence they seem to not care about what we have to say. They also refuse to make accommodations as well. I migrated all of my repos to GitLab. Was straightforward to do since they have an import option directly with GitHub. Anyone migrating shouldn't delete their repos and should instead replace most if not all the content with a readme directing users to the location of the new repository. |
Beta Was this translation helpful? Give feedback.
-
No, they prefer to store them in an encrypted Password Safe on their desktop. 2FA should not be required. It should always be optional. 2FA only protects idiots that use the same insecure easily remembered password for all of their online accounts. It is not needed by those who use unique extremely strong passwords kept in a secure (encrypted) Password Safe. I am not an idiot. Stop treating me as one, GitHub. It's insulting. |
Beta Was this translation helpful? Give feedback.
-
|
This morning, I have another gem to add to the github 2FA absurdity crown! This wouldn't have annoying enough to get me to publicly complain - except that my phone (I know it needs upgrading - but it's not a life priority just now) happened to be throwing one of its increasingly frequent tantrums this morning and flatly refusing to turn on despite being fully charged. And, of course, my phone is both the thing used to receive a 2FA SMS and the thing where the 2FA Auth app lives - the two methods I have set up. So, now, in order to simply look at a repository my boss wanted to show me - you know, something a developer might do at work - I need to either go play with my browser cookies to search and destroy whatever it is that identifies me as a github developer to github (and, in the process, get signed out of a bunch of other places I'm signed into for convenience's sake - SO I CAN GET WORK DONE without being stopped and e-frisked at every turn) or download and install a different browser - one I haven't used to sign into github yet (and hope they aren't also tracking my IP, to make this extra fun). How's that for absurd? |
Beta Was this translation helpful? Give feedback.
-
|
They are sabotaging open source software
…On Fri, Jan 5, 2024 at 11:02 AM Anna Yudovin ***@***.***> wrote:
This morning, I have another gem to add to the github 2FA absurdity crown!
Now that I've [been forced to] set up 2FA on my account, and used my
"primary" browser to sign into said account, every time I try to look at
ANY github repository (not just my own - ANYONE'S), I land, instead, on a
page demanding I verify my 2FA! For the past few days, I've been able to
click on a link to delay this delightful detour from whatever the hell I
was trying to do, but this morning I was informed that this privilege was
no longer available, and I *HAD TO* verify my identity before being
allowed to look at some public repository - a privilege, I might add,
available to any internet rando clicking a google link (unless, apparently,
the unfortunate soul also happens to be a github developer who's logged
into their account in the past month or so).
This wouldn't have annoying enough to get me to publicly complain - except
that my phone (I know it needs upgrading - but it's not a life priority
just now) happened to be throwing one of its increasingly frequent tantrums
this morning and flatly refusing to turn on despite being fully charged.
And, of course, my phone is both the thing used to receive a 2FA SMS and
the thing where the 2FA Auth app lives - the two methods I have set up.
So, now, in order to simply look at a repository my boss wanted to show me
- you know, something a developer might do at work - I need to either go
play with my browser cookies to search and destroy whatever it is that
identifies me as a github developer to github (and, in the process, get
signed out of a bunch of other places I'm signed into for convenience's
sake - SO I CAN GET WORK DONE without being stopped and e-frisked at every
turn) or download and install a different browser - one I haven't used to
sign into github yet (and hope they aren't also tracking my IP, to make
this extra fun).
How's that for absurd?
—
Reply to this email directly, view it on GitHub
<#66680 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAMVH3L6CCWO2UMGKDHHDVTYNAPZPAVCNFSM6AAAAAA4SGB3J2VHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4DAMRUGYZTS>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
Phillip J Rhoades
HowToPhil.com
KE8GGD
|
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Select Topic Area
Product Feedback
Body
Not everyone has a SIM card, not everyone has a smartphone, not all countries are included in your white list.
With these facts in mind, I suggest removing the headline on the home page that implies that GitHub is "The place for anyone from anywhere to build anything", it is clearly a false claim.
Forcing a user to use a third-party application to store something that could previously be stored in their own mind is the most unintelligent, foolish, ignorant thing I have ever seen in 23 years on this world wide web.
But fear not, with a little will, the open source community (whose github benefits from) can find a solution.
For now I'm going to move all my content to an HDD and keep it safe, because as we've seen before, and we're seeing again, you can't trust other people's companies with your projects, let alone passwords.
Rest assured that the average end user like me prefers to store their long secret security tokens in a plain text file on their desktop :)
Beta Was this translation helpful? Give feedback.
All reactions