undefined | Better HN

0 pointsdoctor_eval1y ago0 comments

Really? That’s how I log into GitHub!

0 comments

I stopped logging in into there since they forced 2FA on me because of an old contribution to an open source project. It's too much of a pain and I don't need to be logged in to look at the code of the modules or libraries I'm using or I could use. As collateral damage, I stopped opening issues on open source projects, that was maybe two or three issues per year. All my customers are on Bitbucket at the moment and it still works with username and password. If it would switch to 2FA, I'd have to comply.

nathan_douglas1y ago

If you have something like 1Password, it takes one or two clicks to set up 2FA for a given site and Passkey setup for a given site is pretty painless. There’s even a decent amount of CLI integration for signing commits, etc. As a federal contractor working in and out of higher security areas, 2FA and Passkey are… really not intrusive or disruptive to my daily life.

stavros1y ago

It amazes me the lengths people will go to to avoid security.

ayewo1y ago

It’s not that the gp is trying to avoid being secure.

It’s that for a service that you only have a need for, a few times a year, mandating 2FA is an unnecessary hassle that can lead to user frustration.

I’ve experienced the same with Gitlab. I rarely use Gitlab and don’t have anything important hosted there but when a project I was a member of enabled 2FA for all contributors, it made my Gitlab account completely frustrating to use.

Typical scenario: I’m trying to do something brief on Gitlab that requires me to be logged in so I login then get shown an interstitial page saying I cannot proceed until I enable 2FA on my Gitlab account. Every action I attempt while logged in will fail unless I either enable 2FA or remove myself from the project that enabled mandatory 2FA after I was added.

GitHub’s 2FA implementation is night and day better than Gitlab’s but I imagine the user frustration must be similar if you find yourself suddenly having to enable 2FA because a GitHub org you were already part of mandates it.

1 more reply

j / k navigate · click thread line to collapse