Disable / Remove email "Device verification" prompt on login (not the 2FA)

Does anyone know how to this prompt? It’s tiresome, and annoying to have to check inbox for “[GitHub] Please verify your device” email and copy / pasta verification code.

Also, the follow-up email “[GitHub] Please review this sign in” is worthless too. 

It’s just un-needed to have the GitHub organizatino worry about my security especially since they already offer 2FA (which is already disabled). It’s basically like you can not disable this silly feature. What a bad idea…

87 Likes

Hi @vondelphia ,

Thanks for this feedback! We’re always working to improve GitHub and the GitHub Community Forum, and we consider every suggestion we receive. I’ve logged your feature request in our internal feature request list. Though I can’t guarantee anything or share a timeline for this, I can tell you that it’s been shared with the appropriate teams for consideration.

Cheers!

9 Likes

+1. 

You already have other authentication mechanisms in place much more relevant to developpers (incl: SSH authentication), please stop wasting our time at (mostly) every login. Simple login is enough, and I can always enforce 2FA if I want added security.

I’m at a point where I consider moving my various projects to another git host just for this reason. Not a threat, just to give you an idea that shifting multiple small projects seems to me less time lost than verifying device so often.

40 Likes

For me, the “Device verification” is a show stooper.

I’am working on PCs of my custemers, where do not have acces to my e-mail account.

BTW: Its pointless to check devices only when connected over HTTP and to have it not, when manipulating the repository via push. Is this one of the greate ideas from the new github owner M$, trying to track developers? May be it is time to switch.

OT: why does this editor uses rich-text instead markdown (https://guides.github.com/features/mastering-markdown) which is common at github.

12 Likes

It is a very bad idea.just annoying

8 Likes

@return42 wrote:

For me, the “Device verification” is a show stooper.

I’am working on PCs of my custemers, where do not have acces to my e-mail account.

BTW: Its pointless to check devices only when connected over HTTP and to have it not, when manipulating the repository via push. Is this one of the greate ideas from the new github owner M$, trying to track developers? May be it is time to switch.

OT: why does this editor uses rich-text instead markdown (https://guides.github.com/features/mastering-markdown) which is common at github.

 

this new function with the “device code” is incredibly bad. I am a normal user and create “issue” for Android Open Source apps. My account data is not valuable, nor interesting (if my account is hacked).

i just don’t do bug reports anymore. your new method is incredibly annoying and once it happened to me that i didn’t have my email address anymore and could never access my account again.

i have no desire to contact your github support. it hasn’t caused any problems for years. i could create bug reports for the apps for years. now with their senseless security function. you have restricted the freedom.

i hate you for it. now i don’t support android open source app anymore. don’t create bug reports anymore. except the apps have an email contact.

then i contact them by email and report the bugs there. but never again github.com

i’m afraid since you were bought by microsoft. you’re going to limit the platform more and more, create more and more fake security problems so that you have to do 2 factor (2FA) or something else e.g “device code”

you don’t have any say at all if the users want such a function at all. you just introduced it that way.

you are nothing more than allowing the platform to be centrally managed and controlled. you are bad and I will never support you again.

18 Likes

I chose it exactly that way. I don’t want 2FA or device code. I just want to login with my email/username and password. and then report bug reports. nothing more.

my login data is securely encrypted in my database. i have never asked for additional security on github.com or anything like that. you leave the users no choice.

just that they don’t tell new users about this “device code” function at all. that they will be asked for it at the next login.

it shows again and again what they are. they are mutated to a central place.

the user doesn’t have the decision anymore. they just decided to keep their lies about security alive. i hate you.

19 Likes

This issue is a privacy one for me. I do not want GitHub trying to track my devices or browsers or anything of the sort.

14 Likes

I AGREE with everyone on here. I JUST signed up for Git and this is the first thing I wanted to remove right off the bat. This is why I am on this thread!

There is already 2FA… 

May end up not using this service.

4 Likes

I agree. “Device verification” is a form of 2FA.

Literally the definition of 2FA from Github:

Two-factor authentication, or 2FA, is an extra layer of security used when logging into websites or apps. With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to.

Thus if 2FA is explicitly disabled, there should be no “Device verification” emails.

The current feature should be moved to the 2FA page, with the ability to toggle on and off.

I like that I have an extra layer of security on my important account, but it is annoying for accounts I need to switch often that have nothing worth stealing.

It gets worse for users whose access to email accounts is somehow restricted.

11 Likes

I have just faced the same problem. It’s really annoying trying to access your account and being not able due to this non-sense measure, and then trying to log on your mail to retrieve the code and face the same problem (yes, Gmail and Hotmail also block sign in attempts from “devices that they not recognize”).

Worse is that in none of these services is possible to disable this absurd behavior. Data on these accounts belong to each user, and we are the main injured if someone gains access to it, so please Github allow us to decide which security measures to enable or disable to protect it.

3 Likes

You should really try to prioritize this item - github has basically made it impossible to share private repos with others.  I created a second account for my organization to share demo material / code to other groups where I don’t know their github usernames ahead of time (I provide them with my second account credentials, which has limited access).  The repos I want to allow others to access don’t contain sensitive information, but I don’t want them public either.  Now because of this verification non-sense, I cannot allow any access to others without knowing their github user names.  This may be a deal breaker for us…

13 Likes

It is very tiring and excruciating to say the least, it’s just pure bad UX. 

8 Likes

@belhfl wrote:

 

I’ve logged your feature request in our internal feature request list.

 

What is the status of this? How low is this on your priority list? This is hell annoying!

6 Likes

I agree. This should be optional and is just annoying for accounts that are mainly used to report bugs.

2 Likes

I completely support this. Not every user needs a high level of security. For them, login with a username and password is completely sufficient. I do not want the annoyance of having to check my email every time for the code. There are also privacy concerns with tracking of devices.

For those who care about their security, they can always use 2FA.

I request that GitHub increase their priority for this issue.

5 Likes

Please disable this feature it’s annoying

14 Likes

+1,

Please remove this very annoying verfication.

We’re pros. We don’t need it at all.

13 Likes

Please provide the means to disable this.

I guess, it’s a good idea to have this in place by default, but it makes it tedious for me to work from a rather big computer pool room I maintain.

I end up having to run between the room and my office just to check number codes and waste time I don’t have then…

2 Likes