I just received an email from Github that they are now ofically begin to require users who contribute code need to have 2FA enabled.
Why isn’t password + email already sufficient? Why do I need to use a third FA to satisfy their requirements? Is it reasonable to feel stumped or angry about it?
Would like to hear your thoughts about this.
I’m not particularly angry or stumped about this, but I agree that it should be the user’s choice. I value freedom, especially regarding software, and I’d much rather have an OS that lets me delete the root folder than one that does not let me delete system32, even if I never intend on doing any of those things. In much the same way, I think I should get to decide how much I am willing to protect a particular account. What github should do is point to the option of using 2FA and recommend it, with a brief explanation, not requiring it as policy.