Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is not at all my experience with Github? I go through the 2fa flow maybe once a year, if that. I have to go through the SSO flow for my employer's private repositories once a day (which is my employer's policy, not Github's), but that properly redirects to the page I was trying to access.

Does your employer have a SSO flow that requires 2fa every time and doesn't redirect properly afterwards? That would be pretty annoying, but it's not Github's fault.



Happens even with my personal GitHub account across multiple browsers/operating systems.


Counter-anecdote. I cannot even remember the last time I was asked to log into Github, at the office, at home, on my laptop, and even on my phone.

Do you perhaps have a browser setting that nukes cookies/session data by any chance? Or perhaps use a VPN that might be tripping some sort of account protection mechanism?


Counter-counter, I share his experience as well and don't have any of those things. Just bog standard Chrome with no extensions.

What I do have, and I expect is relevant: frequent ~weeklong gaps where I don't access GitHub at all in this browser profile. I assume there's some medium-lived token that's refreshed when you access the site.


My experience is similar to yours, though I seem to have to login every other week or so it feels like (maybe it’s once a month I don’t know).

This feeling could also be exasperated though since while I only use a personal GitHub account, I access it frequently from the browser and app on numerous devices.

I can definitively say though that I need to login more than twice a year on any one device.


Mine too. It wasn't always like this, but nowadays if I haven't accessed the site in a handful of days there's a good chance I'm logged out when I go. And it requires logging in, then mobile 2FA. It's very annoying.


Just to put this out there - but this doesn't actually sound that unreasonable.

Your tokens/session should expire at some point. We can argue over what might be a reasonable duration, but it definitely should expire.

What might be going on is if you visit the site/app it renews the token/session if it's still valid. So if you are relatively active on GH, you will stay logged in - otherwise you will eventually be logged out.

Just guessing, but all of this does seem reasonable. There's a lot your Github account can do, including a lot of damage to you and any organizations you are part of.


Totally agree with all of that, and still find it (perhaps irrationally!) annoying when it happens.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: