I log in to github.com from the same device. For last couple of day github.com reports unknown device despite it is the same browder from the same range od dynamic IPs.
Is it possible to switch off this kind security check for my account?
Thanks for being here, If you'd like to disable the verified device requirement permanently, enabling 2FA on your account will allow you to bypass that requirement:
With 2FA enabled, be sure to add some fallbacks to ensure you don't find yourself locked out:
- Download your recovery codes. This is by far the best way to make sure you don't get locked out of your account.
- Set a fallback number. As long as your phone wasn't lost, you'll be able to regain access to your account in the amount of time it takes to receive an SMS.
- Set up Recover Accounts Elsewhere. If you're otherwise unable to authenticate, this feature allows you to verify your ownership of a GitHub account using a token stored elsewhere.
- Add a security key Phone got stolen and you lost your recovery codes? Today is turning into a rough day, but you'll still have access to your account if you have a FIDO U2F security key added to your account.
More information on configuring additional recovery methods can be found in our Help docs:
Mark helpful posts with Accept as Solution to help other users locate important info. Don't forget to give Kudos for great content!
Thanks for thorough explanation Andrea. Contrary to your proposal I am lookin for a way to log in without the phone and without mail code, like to this account on GitHub Community Forum.
@Am-per-Sand ah, I see what you're talking about right now. As Andrea mentioned, there is no way to turn these mails off. Why? I don't know for sure - I don't work for GitHub - but it's probably due to the enormous amount of account takeovers these days, even on platforms like GitHub which are developer-oriented. And developers should know better - to use TFA.
I'd strongly recommend configuring TFA. On GitHub, you have a gazillion options: phone TOTP, SMS, recovery codes, fallback numbers and my favourite: U2F. There are no excuses not to start using TFA right now ;) .
No, I am talking about the email with the code to necessary to login that is sent every time, despite I log from the same browser.
@Phorkoz welcome to the forum! I really don’t think there is any need to use such a negative tone towards GitHub while they just try to keep your account safe.
First of all, you should never tie any mail address you do not control to any account you actively use. If do decide to do that anyway, you risk locking yourself out. If you would like to use throwaway mail addresses, either buy a domain name and make sure you can re-activate the addresses or use the plus-notation many popular free mail clients support (https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html).
Secondly, as I’ve explained before it is a measure that is really needed. It is in both your best interest as well as GitHubs best interest to keep your account safe. I think GitHub are fully in their rights to help users keep their account safe if they fail to enable TFA themselves, and I also think GitHub should be able to trust it’s users to be reachable on at least one of the mail addresses they provided.
So, from now on let’s continue on a positive tone and stop calling out GitHub for a security feature designed to protect you. To get you back up and running I’d suggest contacting GitHub at https://github.com/contact as we can’t discuss account details in this forum.