Comment by benatkin

13 years ago

Egor's posts have also helped GitHub improve their security, to the extent that they're willing to listen.

I told a couple of people at GitHub that they should add a way to select which email addresses can be used for password reset. Both agreed it was a good idea, but there hasn't been any action.

If you want commits to be linked to your GitHub account, you have to add the email to your account settings page. If you add the email to your account settings page, it can be used to reset the password and gain access to the account.

Also people keep begging for Two-Factor auth, and I'll echo that. https://twitter.com/kaepora/status/307938914667220992

0 comments

benatkin

No comments yet

Contribute on Hacker News ↗