Github is a piece of proprietary s***t
4 votes c/freepost Posted by DustDFG — 4 votes, 7 commentsSource

It forces user for 2FA for security… It sent me an email “you have 45 days to enable 2FA or your account will be restricted”. It is not just something like you can’t write (creating issues/pr, edit your repos). No it is fully “blocked” account. Now 45 days ago I can’t even read issues… I can’t do anything even read. But!!! User without account can see anything! They punish those who use their platform more than those who don’t use? We are in the insane world. I don’t understand it at all. Hieronymus Bosch will loose a battle with a real world :/

Absolutely. I called it when Microsoft bought it back in 2018. Moved all my repositories elsewhere back then.

Luckily Bitwarden premium has totp that can autofill so I just use that, but I wish other developers would move away from it so I didn’t have to use it for issues and merge requests.

Also just one thing, a user without an account can’t search the code in a repo whereas a user can. It’s not a big deal, since you can just clone the repo and search that way, but it’s still a hassle that doesn’t make any sense.

Similarly to how user without account can’t search in issues or prs in gitlab

This is honestly a huge problem, because issues/prs cannot be “cloned” and searched offline like repositories.

Moreover. The only way to contact with support not email. There is no one. At least there is no one exposed to people so you must use their “support form” on the site but what you expect? You expect it won’t be restricted? You are wrong in this case 🤦‍♀️

Do they require 2FA via phone, or can you use something else like a token authenticator?

By token do you mean external device? They have an option for it but only after you used one of two primary methods: sms or totp.

Yeah totp can be set up using any open source password manager and doesn’t even need any connections with server… But I don’t need it. I love to crash my system into unrecoverable state, I plan to experiment with different filesystems so it can lead to file corruption so I will need to store the “secret” of totp somewhere on external drive or usb flash (or even on a sheet of paper) like any other password but to sign in I will need to setup the totp app again each time I want to corrupt my system… So I will store it along password which doesn’t have any sense. It is just a disadvantage without benefit for security of me but I am forced :/

yes exactly, I was thinking about TOTP which at least does not require your phone number.