I have no use for legacy, insecure methods of authentication such as TOTP codes or SMS text messages, but GitHub will not allow me to disable both of those methods. It seems to require one of these weak methods always be enabled.
I primarily log into GitHub's web GUI with a Passkey (which is stored on a hardware security key). I use git command-line tools exclusively with an SSH key (which is also stored on a hardware security key).
My main security key is always with me, and my recovery code and a second security key are safely stored in a physically secure location. I know how to manage an account with strong authentication and not get myself locked out; I have had my Google account enrolled in the Advanced Protection Program for quite some time. I don't need my level of security dumbed down for me. I assume most people using a platform like GitHub are in the same boat with me in that regard.
GitHub, please let us remove legacy authenticators from our accounts!