This issue is a privacy one for me. I do not want GitHub trying to track my devices or browsers or anything of the sort.
I AGREE with everyone on here. I JUST signed up for Git and this is the first thing I wanted to remove right off the bat. This is why I am on this thread!
There is already 2FA...
May end up not using this service.
I agree. "Device verification" is a form of 2FA.
Literally the definition of 2FA from Github:
Two-factor authentication, or 2FA, is an extra layer of security used when logging into websites or apps. With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to.
Thus if 2FA is explicitly disabled, there should be no "Device verification" emails.
The current feature should be moved to the 2FA page, with the ability to toggle on and off.
I like that I have an extra layer of security on my important account, but it is annoying for accounts I need to switch often that have nothing worth stealing.
It gets worse for users whose access to email accounts is somehow restricted.
I have just faced the same problem. It's really annoying trying to access your account and being not able due to this non-sense measure, and then trying to log on your mail to retrieve the code and face the same problem (yes, Gmail and Hotmail also block sign in attempts from "devices that they not recognize").
Worse is that in none of these services is possible to disable this absurd behavior. Data on these accounts belong to each user, and we are the main injured if someone gains access to it, so please Github allow us to decide which security measures to enable or disable to protect it.
It is very tiring and excruciating to say the least, it's just pure bad UX.
I completely support this. Not every user needs a high level of security. For them, login with a username and password is completely sufficient. I do not want the annoyance of having to check my email every time for the code. There are also privacy concerns with tracking of devices.
For those who care about their security, they can always use 2FA.
I request that GitHub increase their priority for this issue.