I just received an email from Github that they are now ofically begin to require users who contribute code need to have 2FA enabled.

Why isn’t password + email already sufficient? Why do I need to use a third FA to satisfy their requirements? Is it reasonable to feel stumped or angry about it?

Would like to hear your thoughts about this.

  • Emanuel
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I’m not particularly angry or stumped about this, but I agree that it should be the user’s choice. I value freedom, especially regarding software, and I’d much rather have an OS that lets me delete the root folder than one that does not let me delete system32, even if I never intend on doing any of those things. In much the same way, I think I should get to decide how much I am willing to protect a particular account. What github should do is point to the option of using 2FA and recommend it, with a brief explanation, not requiring it as policy.