i hate 2FA as well, but in the end, even if i lose my access to github i only lose access to my github identity but i don't lose access to my code, so i can live with that.
of course in the light of this discussion losing access to my github identity would be part of the problem, so it's a tradeoff. is it more likely that someone will break into my account and abuse my identity if i don't have 2FA, or is it more likely that i lose my second factor and have to rebuild my identity? in the latter case someone else could also pretend to be me, but since the xz debacle both of us would face more scrutiny, so my hope still is that i would win.
> if i lose my access to github i only lose access to my github identity but i don't lose access to my code, so i can live with that.
That means that you need to fork your own project, and there is no way to communicate it to the users, since the new account could just be someone pretending to be you.
If there is a security vulnerability, it would remain unfixed forever.
> is it more likely that someone will break into my account and abuse my identity if i don't have 2FA or is it more likely that i lose my second factor and have to rebuild my identity
Since phones are very easy to break, and until very recently there was no way to backup google authenticator, I'd say that losing your 2nd factor was the most likely of the two.
Now if you say that you backup your 2nd factor seed in your password manager, where your password is… congratulations you're doing over-complicated 1 factor authentication!
well, yes, exactly. once i realized that, my reaction was: why thank you github, you just made my one factor auth more complicated for little gain. well, ok, i don't store the otp with the password, so cracking the password became a bit more complicated too. but for example committing code doesn't require otp and my browser has me permanently logged in, so where exactly is the added safety now?
as for the lost identity. a new user could at least share a warning. that user doesn't have to be trusted to get others to be more vigilant and scrutinize the code very carefully, as e.g. was done with XZ once the issue was discovered. imagine an unknown user had alerted the community that the maintainer account was compromised or locked out. they could have reached out to people who know them to verify their identity and to corroborate the claim. it would be a long and tedious process, but at least any attacker would be prevented from getting any further advantage too.
it could still mean loss of the maintainership and loss of users, but i can also host my projects in multiple places so that only part of my known and verifiable identity can get compromised at once.
in the end it's partly security theater, partly arms race, partly an improvement through raised awareness...
will the real eMBee please raise their hand?