Recently, Microsoft has made the move to enforce Two-Factor Authentication for logging into GitHub, which is making our lives a bit more difficult than necessary. While most people will likely be okay with this, we are not, and we have made the decision to move our most important repositories over to Codeberg.

Why have we moved to Codeberg?

The reasons are three-fold:

• Two-Factor Authentication ties your login to your mobile phone. If you lose your mobile or access to it, you lose your access to your logins for websites. Not all websites need this. Frankly, this extra security only really makes sense for banking or other critical services, but code repositories we argue don't need this, or it simply shouldn't be mandatory.
• We have also researched QR codes. Typically, when 2FA is used, individuals like myself prefer SMS over QR codes. Why? See my blog post here.
• And finally, I personally don't want to keep having to pull out my phone every time I want to login to a website. It's supposed to be user-friendly, not a frustrating experience.

There is no problem with passwords. The reason why passwords become insecure is because companies expose their own systems and compromise their own security to justify implementing new security measures, most often requiring your phone. I don't get this obsession with using your phone for everything.

Everywhere you go while you handle your phone, you are carrying a device that is tracking your every movement. I suppose Edward Snowden's warning to humanity fell on deaf ears.

Most of us can't really say much. I carry my phone to work with me, but I have contacts who need to contact me in case they need something. It's the way it is. But that's what phones are for -- communicating with friends and family. It is not an additional layer of security and shouldn't be used as such. This is especially true when we consider Snowden's revelations on the NSA in the US. The NSA can (very easily) use backdoor code that the very companies developing the operating system for your phone have direct access to, and can search your every communication you have ever made.

China has this and significantly more restricting. That, in combination with facial recognition cameras on every street corner is what allows the Chinese Government to impose its social credit system and sanction its citizens automatically without needing to lift a finger.

Apologies for this tangent, but the point is that I personally feel tying everything to our phones will stab us in the back in the end, and complying with these 2FA mandates will only make our lives more difficult.

Edward Snowden warned us. I repeat.

I certainly will not be complying with the 2FA mandate Microsoft has forced upon me to access GitHub, and so we have moved to Codeberg. Apologies for the rant, but the context was necessary.