this post was submitted on 19 Aug 2023
145 points (98.0% liked)
I'm just migrating away from GitHub because of this. Sr.ht is looking promising.
Why would you not want to use 2FA?
Most likely because of the "2" in "2FA"
I know it is an unpopular opinion, but it is a huge headache in general. I don't think the theoretical benefits (which make total sense) actually pay off in reality and are worth the extra headache. I'm not saying they should not have it at all, but it should be at least opt-out instead of forced.
In the case of GitHub, I think it is part of their long, drawn-out plan of data collection and proprietary lock down. Next they are going to require your house address and government ID. I feel better using a free and open source platform anyway.
How exactly could a site collect more of your data through 2FA?
Well, if you use a password manager such as Bitwarden you can store your 2FA one ctrl-v away. Even if this is a less secure setup, that still prevents someone eavesdropping on your password from reusing it.
Unless you clear cookies constantly, you need to log in just once in a while. Where is this huge headache? Passwords get stolen; 2FA protects you from that.
Where does this even come from? Passwords are increasingly insecure, and adding another factor, especially authenticator codes, doesn't even require you to give up a single new piece of personal information. The entire thing is just adding a local code that your program of choice remembers and uses to generate the one-time password. No data collection, no proprietary software. Other areas might be doing bad shit for all I know, but this change is entirely a forced security measure because people are too bad at passwords.
After seeing the frequent attempted logins on my Microsoft account, I'm "just" a lucky guess away from losing it if I do not have another thing blocking access.