I'd had a GH account for ages under my own name, I closed that as soon as Microsoft took it over, moved all my repos to GitLab, good move. I opened a new GH account under a silly name [1] so I could collaborate with people still on it. Now I'm not really against 2FA, but don't use it myself, it adds friction, adds risk (what if you lose it), it seems too "theatrical" for my liking. You want to use 2FA? be my guest, live and let live etc. What I don't like is being told what to do with my account, particularly by someone like MicroSlop. I won't add 2FA to my GH account, so I'll not contribute any code to GH based projects, ho hum. As I understand it, I'll still be able to raise issues without 2FA, fine, and when 2FA becomes mandatory for that, I'll stop doing that too.
Lose what exactly? Decent 2FA setups make you confirm you've recorded a set of backup codes somewhere (they often recommend print and store in a safe, I find a secure note in a password manager works well) before activating it.
Furthermore plenty of TOTP applications offer secure backup and syncing features.
So again, what specifically do you think you're going to "lose"?
I'd had a GH account for ages under my own name, I closed that as soon as Microsoft took it over, moved all my repos to GitLab, good move. I opened a new GH account under a silly name [1] so I could collaborate with people still on it. Now I'm not really against 2FA, but don't use it myself, it adds friction, adds risk (what if you lose it), it seems too "theatrical" for my liking. You want to use 2FA? be my guest, live and let live etc. What I don't like is being told what to do with my account, particularly by someone like MicroSlop. I won't add 2FA to my GH account, so I'll not contribute any code to GH based projects, ho hum. As I understand it, I'll still be able to raise issues without 2FA, fine, and when 2FA becomes mandatory for that, I'll stop doing that too.
[1] https://github.com/noproblemwiththat
> adds risk (what if you lose it)
Lose what exactly? Decent 2FA setups make you confirm you've recorded a set of backup codes somewhere (they often recommend print and store in a safe, I find a secure note in a password manager works well) before activating it.
Furthermore plenty of TOTP applications offer secure backup and syncing features.
So again, what specifically do you think you're going to "lose"?
> What I don't like is being told what to do with my account
All of the arguments against 2FA here could be made against requiring passwords longer than 8 characters.
It’s not secure. The fix is easy, effective, and has almost no downsides.