Don't like it. With the exception of my bank accounts, my digital presence is already guarded by security-through-inanity. The thought of somebody fucking with my unstarred, unfinished, unreadable learning project repos doesn't keep me up at night.

My cynical side wonders how many phone numbers they plan on harvesting.

A good 2FA setup is important for modern security.

Knowing many sortware developers, a suprisingly large percentage of them still think about security as annoyance. This is especially problematic, as they tend to have a larger attack surface.

Having access to critical resources and also executing a wide range of semi-random tools and code on your machine is ... less then optimal.

With the rise or supply chain attacks, I believe this is a critical and required change.

You could argue that GitHub should not be forcing that decision on users, but if they want to protect their brand, they kind of have to.

Microsoft's 'brand'. They tossed that aside decades ago.

The real question is how many phone numbers they're going to gather by unsuspecting users taking the SMS path.

This is a marketing scheme, not a security plan.

Let's hope they don't do a Twitter: https://www.malwarebytes.com/blog/news/2022/05/twitter-fined...