>you WILL save authentication tokens that constantly change and are impossible to memorize
>you WILL enable 2FA and store recovery codes somewhere
>you will NOT just memorize a secure password and keep it secret like a non-dumbass
why are they like this?
Works on my PC
>using GitHub
They've become too big to fail, so now they are entitled to not give a fuck about user experience.
Either you get with the program or you can fuck off.
But since you *need* them, sooner or later you'll get with the program.
This.
>rainbow tables.
Kek. No one uses those anymore.
They take up too much space, they are useless against salted hashes, and GPUs are fast enough now to do millions or even billions of hash calculations per second.
Just go back to watching your bbc porn, you massive cuck.
This.
So it's not enough to pick a nongay password anymore?
I really, really, really, really hate github. It's not just the plummeting user experience but just everything about it. It's the epitome of superficialness and fakeness, all these useless projects noone ever uses being put up there, and everyone's supposed to be positive and enthusiastic about it when they're really not. It's literally the programmer's equivalent of social media - with all the fakeness and farce that entails.
The only reason my projects are on github is to decrease the barrier to entry for reporting issues and making prs.
Still waiting for federated platforms to selfhost. I have a personal gitea instance but I only use it for private repos (e.g. dotfiles, proprietary programs, very early stage programs).
>It's literally the programmer's equivalent of social media - with all the fakeness and farce that entails.
Its insane.
>hello sir would you like grammatical error in your readme so I can have contribution to big repo?
good alternatives?
Gitea/forgejo once they implement federation. Github will be deprecated then.
Its taking fucking ages, but the second its possible to federate I'm moving all my public projects to my own instance instead of just the private ones
SourceHut
Kurumi MaidCard
git.LULZ.com
for me it's code~~*berg*~~
>Enjoy your fungus water
why? I keep seeing this image.
because naggers and women are a security risk
>a secure password
There's is close to a 100% chance that your password is not actually secure. Most people think that they've come up with a secure password, but in almost all cases their password is still vulnerable to dictionary attacks and rainbow tables.
just use a passphrase retard
Don't pretend that 2FA is even remotely difficult.
Rate my password for Github:
'!Zt_M!5cUtNj&W^~PA+yc9b=9>@`Vd;XgftZYAvz;32VQ"*4?yEj9ym74?'
'!Zt_M!5cUtNj&W^~PA+yc9b=9>@`Vd;XgftZYAvz;32VQ"*4?yEj9ym74
>'!Zt_M!5cUtNj&W^~PA+yc9b=9>@`Vd;XgftZYAvz;32VQ"*4?yEj9ym74
I cracked it in 5 seconds you skrub
Microsoft, anon
Every major Internet company wants to become the main identity verification provider and will continue pushing away from pseudo-random passwords and TOTP 2FA (yes I know GitHub supports it now, wait 5 years) on the grounds of “usability”
Even Sam Altman has his retarded orbs
Microsoft’s end goal is that you will need a Microsoft account to access pretty much anything on the Internet
The only reason I’m not completely blackpilled/schizo about it is that *every* company is trying to do it, so the end result is already a tangled mess that will realistically never take off
Even if they did win that battle, it's not forever. I'm certain if you asked people at the time, they'd say that Rome or the East India Company or whatever is invincible and too big to beat for anyone except another nation-state, Microshit is no different (arguably they're in a more precarious position because they actually filled their leadership with pajeets)
Microsoft want to build a profile of every single developer pushing github and linkedin.
In around one decade programmable computer will be clasificate as military weapons and programmers as potential terrorist.
reddit typing
>>you WILL enable 2FA and store recovery codes somewhere
No need to store recovery codes. Just use a non-pozzed TOTP tool and securely store your generator seeds.
2FA is a good idea in general.
NOOOOOOOOOOOOO 2FA IS GLOWBOHOMO BE.... BECAUSE LUKE SMITH TOLD ME SO.
>LUKE SMITH
who? i don't keep up with e-celeb shit
it really is because it's another example of a company offsetting their cost of doing business onto the customer. In this case, security.
Dumb nagger.
yet another tech incompetent thread
yawn
Yes. You should use 2FA. Use keepassxc or something, it's not THAT hard. I used to be a membermyheckinpasswordtard too but it's idiotic
>auth tokens
yeah, that shits annoying, I usually just install GH CLI and use that to authenticate.
What are the alternatives?
srht (fuck drew tho), gitlab, random gitea instances (codeberg is a popular one, teknik used to be popular), host your own gitlab or gitea/forgejo instance
or just say fuck bloated frontends entirely and use gitolite with cgit, force retards to email you patches like the good ol days
>constantly changing auth tokens
unless its because mine are years old, ive never had them change unless i requested
ssh auth > *
Fuck git.
Use fossil.
A single static self-contained 3MB binary that comes with its own web frontend with issue tracker, forum, and wiki.
All you need for your own self-hosted gitlab type thing is to run "fossil server".
You can see it in action here: https://sqlite.org/src/
or just filter people completely and return to svn or hg
or if you really want to hate yourself and larp as a triple-a game dev, perforce
Fossil is great if you miss svn and self-hosted trac instances.
Svn is fucking dogshit and you're a retarded larping zoomer that should be flayed alive for suggesting that it isn't.
never said it wasnt, just throwing out options
had to deal with retards uploading huge ass binary files on svn almost a decade ago, before they got a clue and moved to gitlab and realized not to put binaries on version control
yeah i found github auth a pain in the ass untill i just started using ssh
this is my bank, because pizza guy does not accept cash anymore
>log in
>we detected suspicious activity, here's 10 captchas to solve
>we sent you an sms
>oh, your browser uses fingerprinting protection, please confirm your email
>proceeds to log into email with 2FA to finish 3FA on account
>finally logged in
>click on my cards
>you need 2FA for that
>finally get the card details
>proceeds to pay for the fucking pizza
>2FA again
>oh, we are VISA, please select a payment you made previously
some people would never realize slipping into a techdystopia if it hit them across the face
>Auth tokens
Anon, you just have to put it once in a while and forget about it.
>2FA + recovery codes
These are a good idea. I have my TOTP on keepassxc
>you will not memorise ypur password
You are free to do so. But persoanally, just grub, root, home partition, keepassxc and my bank accounts are enough and the only important thing.
>github account gets hacked
>planes fall from the sky, bank runs, electrocity goes out
i wonder
Just deleted my Github account, had a repo with over 500 stars that was used by thousands of people and was linked in all kinds of tutorials/guides, although not much anymore.
Fuck those glownaggers trying to force 2FA, they just want mobile phone numbers/data. They let you use TOTP which can technically be worked around without a mobile telephone, but they really don't want you to, and I'm not okay with them forcing that either. I will not comply.
why delete that? Put up this exact same message and link to your sr ht. Willingly forfeiting control is the worst you can do. Use their platforms against them, upload as much shit as possible, try to break it in ways allowed by the tos
You're the mf-install guy, aren't you? I watched the page 404 last night in real time
the auth token isn't hat bad. Literally just run ssh-keygen. If you're a dev you shouldn't have a problem with this.
I haven't heard anything about them forcing 2FA? i dont need 2FA to login to my account? I saw something on google about them requiring oranization accounts to have 2FA which also seems reasonable enough to me?
If you are starting an organization then the security of the account should be held to a higher standard.
fake coder spotted.
alright. Still seems reasonable to me tho? 2FA is good practice isn't it?
You seem to think signing up with it will somehow give github access to your phone number but it wont
>2FA is good practice isn't it?
if you want to surveil someone, sure. If you are on the other end of the stick, not so much. also, 2fa is worst mfa
just think about it. If it was beneficial for uuu, it would have not been made mandatory
>password must be
>at least 12 characters in lenght
>have caps, symbols and numbers
>be unique (Chrome will check this)
>be different to the last 6 passwords
>expire every 3 months
>STILL you need to use a initial password, verification e-mail, 2FA and others
You have never reused a password on a different website before?
I assume that's why.
>NOOO, YOU CANT FORCE ME TO ACTUALLY SECURE MY ACCOUNT. YOU MUST ALLOW ME TO USE MY SHORT, PREDICTABLE PASSWORD. THIS IS LITERALLY 1984!!!
literally what is the difference between a password and a token
password: an arbitrary string of characters that you must input to be able to commit to your repo
token: an arbitrary string of characters that you must input to be able to commit to your repo, but longer
just, like, make a requirement for long password
password: someone who spoofs the login screen or watches your fingers while you type gets permanent undetectable access to your account forever
token: they don't get that
how do they not get that if you still have to input the token with your keyboard xDDDDD
just like click "Remember Me" nigga :DDDD
>how do they not get that if you still have to input the token with your keyboard
the token changes
>just like click "Remember Me" nigga
doesn't last forever, and you can't gain permanent access without disabling 2fa which requires another token and is detectable
the token is on your phone you mong
>the token changes
nuh uh, i've set mine to only expire next year
password: one needs to make advanced software to spoof the login screen
token: they just need physical access to your computer, or remote RAT
Verification and authentication are the terminal AIDS epidemic of the internet. The corporations and the elites want everyone's phone numbers and all possible IRL identifying info linked to their online presence to be tracked.
Anyone who defends non-optional shit like 2FA is either a paid shill, a government agent or a useful idiot.
>he will not think of the children and fight terrorism
treat your accs like cattle, not pets. Look at me, I make a different LULZ acc for each post
Everything could be based on private / public key infra but that involves not being retarded so it won't happen.
Fellow GitHub "experts", who's having fun with using GitHub Apps to auth your runners and cross repo actions and shit? So fun and intuitive and well documented amirite?
>>and keep it secret like a non-dumbass
>he thinks his password is secure when he typed it into any digital device at all
LMFAO
>implying I care if they steal my teledildonics account and not use cash exclusively
computers were a mistake
>there are still people in the year 2023 who give a shit about password requirements
>there are still people in the year 2023 who don't use a local or self-hosted password manager that can auto-generate complex passwords and store TFA seeds for generating TFA codes
>why are they like this?
>owned by Microsoft
He doesn't know lmao
>programming
Passwords are inherently insecure, nagger retard.
>you WILL save authentication tokens that constantly change and are impossible to memorize
no
>you WILL enable 2FA and store recovery codes somewhere
yes
>you will NOT just memorize a secure password and keep it secret like a non-dumbass
yes
>Filtered by SSH
absolute state of LULZoyim
Password: pass
OTP-codes: pass-otp
Recovery codes: pass
What's the issue, again?
>supposed tech enthusiast finds SSH keys too complex
You're not cut out for it buddy.
>non-dumbass
Dumbass spotted
Thisi makes me angry I am going to post my recovery codes in protest
FA4195MN91
GM4LK413ST
GP4DMKL87
nooooo anon what if the anonymous hacker LULZ hacks you!!!!
>memorize
Doing it wrong. Idiots like you are why social engineers have to push 2FA.