Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Ground Controller Lvl 1
Message 21 of 43

Re: Disable / Remove email "Device verification" prompt on login (not the 2FA)

It is very tiring and excruciating to say the least, it's just pure bad UX. 

Highlighted
Ground Controller Lvl 1
Message 22 of 43

Re: Disable / Remove email "Device verification" prompt on login (not the 2FA)

I agree. This should be optional and is just annoying for accounts that are mainly used to report bugs.
Highlighted
Copilot Lvl 2
Message 23 of 43

Re: Disable / Remove email "Device verification" prompt on login (not the 2FA)

I completely support this. Not every user needs a high level of security. For them, login with a username and password is completely sufficient. I do not want the annoyance of having to check my email every time for the code. There are also privacy concerns with tracking of devices.

 

For those who care about their security, they can always use 2FA.

 

I request that GitHub increase their priority for this issue.

Highlighted
Ground Controller Lvl 1
Message 24 of 43

Re: Disable / Remove email "Device verification" prompt on login (not the 2FA)

Please provide the means to disable this.

 

I guess, it's a good idea to have this in place by default, but it makes it tedious for me to work from a rather big computer pool room I maintain.

I end up having to run between the room and my office just to check number codes and waste time I don't have then...

Highlighted
Mission Specialist Lvl 1
Message 25 of 43

Re: Disable / Remove email "Device verification" prompt on login (not the 2FA)

This "feature" is ridiculous, please remove it. It is forced 2 factor auth. If I had sensitive stuff, I would opt in for 2 factor auth. But since I don't, this is just unnecessary hassle.  And considering that the verification isn't needed with terminal access, it doesn't actually deter from any wrongdoing. It is just annoying.

Highlighted
Community Manager
Message 26 of 43

Re: Disable / Remove email "Device verification" prompt on login (not the 2FA)

Hi all,

I appreciate you bearing with us. I've alerted the team in charge of this to your concerns, informing them that we've had a lot of people who feel the same way as the original poster.

While I can't say how this will be resolved, I can say that this team is trying hard to balance ease of use with security for all of our users and that is not an easy challenge to resolve. What is considered secure for one group of users is generally criticized by another group of users for not being secure enough.

 

I know that's not the answer that you're looking for and I apologize for that. If you would like to share your feedback directly with the team responsible, I recommend using GitHub's feedback form.

Thanks!

Highlighted
Copilot Lvl 2
Message 27 of 43

Re: Disable / Remove email "Device verification" prompt on login (not the 2FA)

It is called user choice, not ram something down my throat because of what someone else thinks; but that seems to be the big thing now. forcefeed setting upon users because you want to be the internet police and do what you think is best.

 

Give users THE CHOICE TO DISABLE that stupid feature. It is getting more and more annoying, and like others will start looking for other code repositories if GitHub can't get their act together.

 

IT IS NOT GitHub's responsibility for device security. that is my responsibility!

Highlighted
Mission Specialist Lvl 1
Message 28 of 43

Re: Disable / Remove email "Device verification" prompt on login (not the 2FA)

I know it's not your call. And you are genuinely trying to help, still. But:

 

What's next? "Please, input your SMS verification code to login" or "Please, add your ID to create a repo?"


And since you have relayed the original message, could you also please relay to them something along the lines of:

Who the bloody hell cares about your ease of security? For over a decade the "ease" of security was easy. Now it's time to make it more complex?
You've found the time, in your busy **bleep** schedule, to implement this nonsense? Find the time to fix it, too.

Thank you.
Microsoft, your role in managing the heck out of Github is appreciated. Manage more. We all desperately need your help and your guidance.

Highlighted
Ground Controller Lvl 2
Message 29 of 43

Re: Disable / Remove email "Device verification" prompt on login (not the 2FA)

why cant it be optional for users who are concerned about it lol
Highlighted
Copilot Lvl 2
Message 30 of 43

Re: Disable / Remove email "Device verification" prompt on login (not the 2FA)


What is considered secure for one group of users is generally criticized by another group of users for not being secure enough.

 

Not taking the decision away from the user will give you the perfect balance out of the box, and don't track devices and IP's please.

 

Security makes no sense if it's consequences are worse than those of an attack. False positives are very expensive. For example Amazon permanently lost me as a client for BS "security" like this after cancelling my purchases several times, all while failing to use 3d Secure, which would let my bank take care of guaranteeing the security of the payment.