It is very tiring and excruciating to say the least, it's just pure bad UX.
I completely support this. Not every user needs a high level of security. For them, login with a username and password is completely sufficient. I do not want the annoyance of having to check my email every time for the code. There are also privacy concerns with tracking of devices.
For those who care about their security, they can always use 2FA.
I request that GitHub increase their priority for this issue.
Please provide the means to disable this.
I guess, it's a good idea to have this in place by default, but it makes it tedious for me to work from a rather big computer pool room I maintain.
I end up having to run between the room and my office just to check number codes and waste time I don't have then...
This "feature" is ridiculous, please remove it. It is forced 2 factor auth. If I had sensitive stuff, I would opt in for 2 factor auth. But since I don't, this is just unnecessary hassle. And considering that the verification isn't needed with terminal access, it doesn't actually deter from any wrongdoing. It is just annoying.
I appreciate you bearing with us. I've alerted the team in charge of this to your concerns, informing them that we've had a lot of people who feel the same way as the original poster.
While I can't say how this will be resolved, I can say that this team is trying hard to balance ease of use with security for all of our users and that is not an easy challenge to resolve. What is considered secure for one group of users is generally criticized by another group of users for not being secure enough.
I know that's not the answer that you're looking for and I apologize for that. If you would like to share your feedback directly with the team responsible, I recommend using GitHub's feedback form.
It is called user choice, not ram something down my throat because of what someone else thinks; but that seems to be the big thing now. forcefeed setting upon users because you want to be the internet police and do what you think is best.
Give users THE CHOICE TO DISABLE that stupid feature. It is getting more and more annoying, and like others will start looking for other code repositories if GitHub can't get their act together.
IT IS NOT GitHub's responsibility for device security. that is my responsibility!
I know it's not your call. And you are genuinely trying to help, still. But:
What's next? "Please, input your SMS verification code to login" or "Please, add your ID to create a repo?"
And since you have relayed the original message, could you also please relay to them something along the lines of:
Who the bloody hell cares about your ease of security? For over a decade the "ease" of security was easy. Now it's time to make it more complex?
You've found the time, in your busy **bleep** schedule, to implement this nonsense? Find the time to fix it, too.
Microsoft, your role in managing the heck out of Github is appreciated. Manage more. We all desperately need your help and your guidance.
What is considered secure for one group of users is generally criticized by another group of users for not being secure enough.
Not taking the decision away from the user will give you the perfect balance out of the box, and don't track devices and IP's please.
Security makes no sense if it's consequences are worse than those of an attack. False positives are very expensive. For example Amazon permanently lost me as a client for BS "security" like this after cancelling my purchases several times, all while failing to use 3d Secure, which would let my bank take care of guaranteeing the security of the payment.