I just received an email from Github that they are now ofically begin to require users who contribute code need to have 2FA enabled.
Why isn’t password + email already sufficient? Why do I need to use a third FA to satisfy their requirements? Is it reasonable to feel stumped or angry about it?
Would like to hear your thoughts about this.
On the one hand, security is good in the general case, and github has a right to set whatever (legal) conditions they want for the use of their services.
On the gripping hand, for the kind of stuff I’ve put on github in the past? Not worth even a tiny bit of additional friction, especially when I hate git to begin with. I’ve been procrastinating for a while now about moving or deleting existing repositories. Should get on it, I guess.
(There are also certain details of how they’ve executed their security upgrade, which locked some maintainers out of their projects at one point, that I don’t like, and which has reduced my already low trust in them.)
Most of my private and personal projects I host on my own server anyway but recently I began to contribute to public projects, and even if its just translations, and I would love to continue doing it. So I’ll use an Authenticator then for my github account.