Free and Open Source Software

17501 readers

355 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

[email protected]

GitHub 2FA enrollment (feddit.de)

submitted 10 months ago by [email protected] to c/[email protected]

18 comments fedilink hide all child comments

I just received an email from Github that they are now ofically begin to require users who contribute code need to have 2FA enabled.

Why isn't password + email already sufficient? Why do I need to use a third FA to satisfy their requirements? Is it reasonable to feel stumped or angry about it?

Would like to hear your thoughts about this.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago) (1 children)

If I were to steal someones phone in public I will assume they have at least a bank app and multiple apps with their card saved for easy buying. By the time they get access to another device or their banks I get enough time to do a lot of damage. I can also save some credentials for later access after the waters settle. I doubt my victim will go through each of their accounts and change passwords. Most users use a Gmail account which has multiple ways to get access back, and most users don't know how to check them and disable what they use and not use. I can easy setup a sort of backdoor in their email and gather more important information.

You never know what important information you might store in your Github account. You have a donation link in your description? Would be a pity if I would change that link to my personal bank account and just divert some fund back in your bank account to not raise suspicion.

[–] [email protected] 2 points 10 months ago

Huh, okay yeah you made your point and I see it now. Thanks :)