undefined | Better HN

story

0 pointscstejerean9y ago0 comments

But it's not just about having access to example corp. If I log in to GitHub from my work laptop then my company technically has access to my personal GitHub account and the repos of any other organization I happen to belong to. It goes the other way around to. If an attacker hacks my personal laptop and I'm logged into GitHub then they have access to all of my companies repositories.

There are perfectly valid reasons for segregating accounts so that there is complete separation between them.

0 comments

zawaideh9y ago

You company only managed your membership in the GitHub organization. It doesn't have access your personal account or the details within it.

cstejereanOP9y ago

It does if I am logged in on a company laptop and they control access to that laptop. (This is hypothetical in this case, I happen to know that the particular company I work at does not have any backdoors on my laptop).

JoshTriplett9y ago

That's why I'm saying it may make sense to separate identity from access.

j / k navigate · click thread line to collapse