Comments by "Anony Mousse" (@anon_y_mousse) on "You Are Wrong About Github's 2FA Initiative" video.
-
Well, you already know what my take will be before I've said it, but I'll say it anyway. Worrying about the future is a pastime for some people, and you'll never get them to stop and live in the moment. Any MFA that uses a cell phone in any capacity, but especially if it's an iOS or Android device, isn't going to be any more secure than having a single password, and it'll be more annoying if your device gets lost or stolen. Aside from that, it'll be annoying when you have to use it to authenticate twice. And if it's done through an app running on the same computer, it will be basically the same as having one password anyway, only doubly annoying yet again. For now, if you can't afford an expensive solution that's highly cumbersome, just having two distinct passwords that you don't write down or use a password manager for would be the safest and most secure method.
For me, I still don't have a GH account. Before Microsoft bought them I was roughly 75% against using them, and roughly 90% after. When Copilot came about I was definitively in the 99.99999% no way, no how camp. Now, with annoying MFA garbage that is still security theater, I'm in the 100% camp. If I ever open source any of my solo projects I'll have to rent a domain name and server space, because I have the same concerns for GL that I had for GH before MS bought them.