Erroneous GitHub warning messages about Multi-Factor Authentication #129244
This message is really pissing me off. I should not have to constantly see a misleading warning about not having enough 2FA methods. I have ONE and I only want ONE. I do NOT want there to ever be ANY other method that a hacker can use to bypass my 2FA. There is ZERO chance that I will lose access to my authenticator keys. And if I did, I'd also have to have permanently lost access to my Bitwarden password manager, at which point GitHub is the least of my worries for the things that I will never be able to access again. GitHub: Don't tell me I need to lessen my security. I chose a method, and only that method, fully aware of the implications involved if I were to ever be stupid enough to lose those values.
Hi @cosmic-linden, yes, the warning statement can be misleading because it actually refers to the fact that you should have more than one 2FA method enabled and avoid SMS authentication. The warning goes away if you add another 2FA method (even SMS); I tested it yesterday. See this discussion: #129189
Three-factor authentication? It is getting ridiculous. Surely this must be a bug in the notification system, given two-factor authentication is already enabled by use of an authenticator app (and not SMS).
So what do I need to do?
Topic Area: Bug
GitHub has begun showing me a yellow warning message which says:
In addition, I see the following warning message in the Password and authentication tab:
Contrary to the above messages, I do not have SMS-based authentication enabled for my account, let alone as the sole second-factor authentication method. First, SMS-based authentication is disabled. Second, I have code-based MFA enabled, which is a widely-supported open standard, as well as the security codes provided by GitHub.
Taken together, this security message is misleading, and may lead to some users becoming confused and inadvertently weakening their security practices. It is also possible that there could be a bug here, causing the message to not be shown to users who have SMS-based authentication enabled.