Sorry for the geek post…
2FA is enshittification now?
I mean… I guess in a way it is a symptom of it, if you consider the growing concern of hacking part of enshittification and this, a method of stopping or at least slowing an attack down, being a product of that.
It’s more of an anti-enshittification device that just comes with a slight bit of shittiness in the form of another step to logging in.
Yeah, it just winds me up when sites impose these bits of shittiness on you without allowing you to opt out. Because I was happy to sacrifice a bit of my account’s security for convenience
Keepass (open source password manager) can auto-fill not just username and password, but also generate and fill in one-time codes
Reduces the security the 2FA provides, but after i started using that it was pretty much zero extra effort to log in
Which part of this is infuriating you? The fact that a message is popping up or what it’s asking you to do? Or is it the fact that it’s all in comic sans? Honestly, 2FA is a really simple way to greatly improve security on your account. I’m no expert, so maybe it’s got major flaws that I don’t know about, but just set it up really quick and choose to remember your device. Now you’ll never need to worry about it and you won’t see this message
I think what’s infuriating me is that it’s an inconvenience that’s being paternalisticly imposed on me. That’s what makes it feel like enshittification. I don’t really care that much about the security of my account, and having to find my phone and wait for an app to open is just a hassle that I’d prefer to avoid. The fact that they unilaterally decided what ought to be best for me is what annoys me I guess.
comic sans
Coding instantly feels more fun
I was more annoyed at the ssh key requirement lol, I know it’s more secure etc etc but im not working on anything sensitive, it’s just annoying
Yeah exactly, this is what I mean. I still haven’t figured out how to set that up so I have to paste the key in from my password manager every time I want to push. I hate when they paternalisticly decide what ought to be best for me
Not sensitive for you. But GitHub has started to look at supply chain attacks. So I’m popular module which isn’t very sensitive is used biological projects that are. The account that maintains the module is exploited and that causes lots of havoc
Please make a U-turn at the next junction and follow all signs to !unpopularopinion@lemmy.world
I was actually considering posting it there at first. Would have fitted there better it seems
This really isn’t enshittification. Things are not being made worse just to drive someone else’s profit. There isn’t the big fido2 key lobby pushing this in the background. This is a security measure to improve security on a highly technical website that is the target of lots of attacks.
Its annoying and inconvenient, sure, but not making a service worse to drive profit.
Lot of comments here with single down votes. I wonder how salty op is
Dead Sea levels…
Microsoft / Github do a ton of shitty things, straight up enshittification textbook stuff… spoiled for choice really… just not 2fa.
I don’t think so. Enforcing two-factor auth to be allowed to do certain things with an account just makes sense. It’s definitely not an attempt to squeeze profit out of users per se, but rather an attempt to limit liability and the risk of costly support problems caused by passwords being compromised.
I think it’s even more important with contributors of large projects and libraries used by a vast amount of software out there.
It’s not inconceivable that someone’s account gets hijacked, and someone uses their trusted account to add a small snippet of malicious code in a commit, enabling a supply-chain attack.