Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Copilot Lvl 3
Message 1 of 32

opt out of user.device_verification_requested

I log in to github.com from the same device. For last couple of day github.com reports unknown device despite it is the same browder from the same range od dynamic IPs.

Is it possible to switch off this kind security check for my account?

31 Replies
Highlighted
Copilot Lvl 3
Message 2 of 32

Re: opt out of user.device_verification_requested

Same problem. 2 factor auth is off. I don't want this! How can remove the requirement?

Highlighted
Community Manager
Message 3 of 32

Re: opt out of user.device_verification_requested

Hi @Am-per-Sand,

 

Thanks for being here, If you'd like to disable the verified device requirement permanently, enabling 2FA on your account will allow you to bypass that requirement:

 

https://help.github.com/articles/configuring-two-factor-authentication

 

With 2FA enabled, be sure to add some fallbacks to ensure you don't find yourself locked out:

 

- Download your recovery codes. This is by far the best way to make sure you don't get locked out of your account.

- Set a fallback number. As long as your phone wasn't lost, you'll be able to regain access to your account in the amount of time it takes to receive an SMS.

- Set up Recover Accounts Elsewhere. If you're otherwise unable to authenticate, this feature allows you to verify your ownership of a GitHub account using a token stored elsewhere.

- Add a security key Phone got stolen and you lost your recovery codes? Today is turning into a rough day, but you'll still have access to your account if you have a FIDO U2F security key added to your account.

 

More information on configuring additional recovery methods can be found in our Help docs:

https://help.github.com/articles/configuring-two-factor-authentication-recovery-methods/

 


Best,
AndreaG

Mark helpful posts with Accept as Solution to help other users locate important info. Don't forget to give Kudos for great content!

Highlighted
Copilot Lvl 3
Message 4 of 32

Re: opt out of user.device_verification_requested

Thanks for thorough explanation Andrea. Contrary to your proposal I am lookin for a way to log in without the phone and without mail code, like to this account on GitHub Community Forum.

Highlighted
Commander Lvl 3
Message 5 of 32

Re: opt out of user.device_verification_requested

@Am-per-Sand ah, I see what you're talking about right now. As Andrea mentioned, there is no way to turn these mails off. Why? I don't know for sure - I don't work for GitHub - but it's probably due to the enormous amount of account takeovers these days, even on platforms like GitHub which are developer-oriented. And developers should know better - to use TFA.

 

I'd strongly recommend configuring TFA. On GitHub, you have a gazillion options: phone TOTP, SMS, recovery codes, fallback numbers and my favourite: U2F. There are no excuses not to start using TFA right now ;) .


- Mark
Highlighted
Commander Lvl 3
Message 6 of 32

Re: opt out of user.device_verification_requested

@Am-per-Sand Are you talking about not wanting to receive the mail that notifies you of the login?


- Mark
Highlighted
Copilot Lvl 3
Message 7 of 32

Re: opt out of user.device_verification_requested

No, I am talking about the email with the code to necessary to login that is sent every time, despite I log from the same browser.

Highlighted
Copilot Lvl 3
Message 8 of 32

locked out

So I signed up with guerillamail and used my account for at least 3 or 4 years. Now suddenly they ask for device verification and I am permanently locked out. Github just randomly decided to lock me out of everything, pretty much forever. Nice to see that they thoroughly thought this through before enabling it.
Highlighted
Commander Lvl 3
Message 9 of 32

Re: locked out

@Phorkoz welcome to the forum! I really don’t think there is any need to use such a negative tone towards GitHub while they just try to keep your account safe.

 

First of all, you should never tie any mail address you do not control to any account you actively use. If do decide to do that anyway, you risk locking yourself out. If you would like to use throwaway mail addresses, either buy a domain name and make sure you can re-activate the addresses or use the plus-notation many popular free mail clients support (https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html).

 

Secondly, as I’ve explained before it is a measure that is really needed. It is in both your best interest as well as GitHubs best interest to keep your account safe. I think GitHub are fully in their rights to help users keep their account safe if they fail to enable TFA themselves, and I also think GitHub should be able to trust it’s users to be reachable on at least one of the mail addresses they provided.

 

So, from now on let’s continue on a positive tone and stop calling out GitHub for a security feature designed to protect you. To get you back up and running I’d suggest contacting GitHub at https://github.com/contact as we can’t discuss account details in this forum.


- Mark
Highlighted
Copilot Lvl 3
Message 10 of 32

Re: locked out

Are you for real? I'm locked out of a long time account and you are criticizing my tone? I have waaaaay less nice things to say but chose to keep it civil. Github is fully in their right to delete everything and ban all users, yada yada. It may have been unwise to use a temporary email, except it was not a problem for years and quite important to maintain anonymity. Needless to say, I woke up to being so protected and safe that I can't log in anymore. Maybe they'll give me my account back, maybe they won't. I can try that route or just make a new one. The road to hell is paved with good intentions and it would have been nice to have some warning that what amounts to 2FA is being auto enabled. No such warning was given. Are we going to ask for phone numbers and scans of IDs next? Because if that's the case I'm not playing. Plenty of other repo services in the sea.