Disable / Remove email "Device verification" prompt on login (not the 2FA)

Instead of posting here we should encourage devs to move their code somewhere else. Even if that verification imbecility was removed, GH still would be M$.

Another point: That verification is annoying, but so are many devs’ mindsets (that’s just one example out of many I know, I promise). They would still be without that verification.

I think I will just stop reporting bugs and placing feature requests. It’s simply frustrating and fruitless.

1 Like

First post Aug 2019! Wow! A long time! WTF is wrong with Github? Please give a try to disable device verification! It is insecure.


This feature is super annoying, please provide an option to disable it.

Wow, years of community backlash and nothing has been done against this stupid and pointless time wasting feature, except obviously its just a feeble excuse for tracking and surveillance capitalism. I guess now you are controlled by a sociopath megalomaniac community feedback is irrelevant as we roll towards the great reset plan where we own nothing and will be happy? More excuse to port away from anything Micr0$h#@, I can’t stand this evil corp garbage

Logged in to add my voice to all the others in asking for this ridiculous feature to be removed…


It is especially annoying if you have your browser set to clear site data periodically/on close for more privacy. Your session will be gone and you’ll have to provide the verification code again. It’s not an uncommon setup for hackers and developers - who are the main users of GitHub.

My passwords are strong and my personal threat assessment is that there is no need for 2FA for my GitHub account. Please let this be the user’s choice, we don’t need handholding.

(In order to post this I had to - again - get the verification code from my emails…)

M$ is obviously deaf to all the uproar going on here, but still: my security is my own business. If my ultra-weak password with 196 bits of entropy is not strong enough, that’s my problem. You are at large telling your dogs that their leashes are for their own good, and that the shortening of said leashes is somehow the unstoppable progress, but don’t you tell that to adult human beings.

Who am I telling that, though - a corporation whose latest&greatest OS is a surveillance device by default and by all means?

$7.5e+9 paid by M$ is what’s wrong with GitHub.

This is such an annoyance. I am a casual user and don’t need this malarkey. I purposely disable 2FA. Now my choice is put up with getting an email code or allow a permanent tracking cookie? how is this more secure for me? WTF. Give me back my freedom of choice.

1 Like

+1 to remove for this and the other reasons mentioned above.

+1 to remove unrequested 2FA emails

Not only is this a huge annoyance, it’s a security vulnerability.

For illustration, Microsoft’s definition of security vulnerability:

Notice in particular: “confidentiality, integrity, OR availability” (emphasis added)

To further elaborate on the specific vulnerability here:

An attacker compromises my email address because they don’t like my contributions to an open-source project.

They have effectively blocked me from contributing.

+1 We should be able to remove the “device verification” email.

This is a form of 2FA: password + email.

These emails are polluting my mailbox (I had 2 today) for a feature that I don’t actually need (there is nothing important on this account) or want. I can’t set up a rule to automatically delete them as I actually need to open them.

It is even worse than just slowing me down, it actually sometimes make me give up logging in because having to check my emails would break too much my thought process, compared to the benefit of having my ideas about code / code on gist.

If Github doesn’t enable to disable this 2FA, at least, less verification should be done: don’t ask me to check my emails if I’m logging from a place I’ve already logged from 5000 times before. Actually check only if I logged from a way different place: If I usually log in from Paris, and I have an American IP Address, it is legit to ask me to confirm by mail ; if I’m logging in from Paris or from a city close to Paris, don’t make me check, you already know it’s me.

Two years and 300 “+1” later, still no fix…

You really think 300 users out of 10s or 100s of thousands are going to sway things?

:exclamation: It should be optional. Complete waste of time for many of GH users.