Why does github force people to enable 2fa?

[ac3ss0r]

Select Topic Area

Question

Body

Last few weeks github asks me and my partners to enable 2fa very often, and tells me that I'll be forced to do that anyways in a few days. That's pretty annoying, and I don't really understand why is this even a thing to force people to do that, and what right do they have to waste my time. I'm sure the account is secure enough, and I don't want to waste time setting up the stuff I don't even need.

[DosX-dev]

Yes, that's true. Mandatory 2FA is very disruptive to work. I have around 4 work accounts from different companies, and I constantly have to switch between them - every time, I have to go into the authentication app and enter the PIN code there... It's very annoying.

[Jonak-Adipta-Kalita]

I know sometimes it becomes annoying, but it is for your safety! Still they could make it "not-forced".

[DNin01]

Directly from the 2FA FAQ:

Why did GitHub make this change?

Most security breaches are not the product of exotic zero-day attacks but rather involve lower-cost attacks like social engineering, credential theft or leakage, and other avenues that provide attackers with a broad range of access to victim accounts and the resources they have access to. In fact, passwords, which we all rely on, are the root cause of more than 80% of data breaches.

That’s why GitHub is committed to helping all developers employ strong account security while staying true to our promise of an excellent user experience.

[Piero24]

@ac3ss0r For those who have many accounts or for those who use different browsers it can be really tedious to enter the pin every time this is true but as mentioned by @DNin01 and in the Two Factor Authentication Frequently Asked Questions this is due to the fact that phishing attacks have increased greatly in the lately and other big companies like Apple etc are also encouraging their users to activate 2FA. However, a new PASSKEY tool has now been added which greatly simplifies and speeds up login. All you need to do is be recognized with your personal device.

See the official guide for more details.

You can activate it from the security settings of your github account.

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

[golubgo]

yea its stupid im migrating to gitlab