Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
donatj 2 days ago

The level of lockdown in current years is wild. With our 2FA requirements and SSO, signing into GitHub every morning takes me something like eight clicks and a solid minute. Everything has gotten so locked down in recent years, people are working so hard to protect what are largely basic CRUD apps

anon7000 2 days ago | parent | next [-]

Interesting, my company’s GitHub SSO works fine. They use Okta. The main account stays logged in, but the SSO account expires every day or so. But Okta Fastpass means the flow is “click login, click use fastpass, use fingerprint for Touch ID” and you’re golden

jimbokun 2 days ago | parent | prev | next [-]

That’s fine as long as you are kept logged in or at least have an abbreviated login process after successfully authenticating in the morning.

CRUD apps can contain very sensitive data, so not sure how that’s relevant.

donatj 2 days ago | parent [-]

I'm all for protecting the data with my life, but there's increasingly little value in the code around a CRUD app, which is what we're keeping in GitHub.

magicalhippo 2 days ago | parent | prev [-]

Would have been less if GitHub had just allowed proper SSO instead of this hybrid account mixing.

I get that the hybrid method might be desirable for contractors or similar who have many hats, but for a regular employee it just adds friction for no benefit.

nightpool 2 days ago | parent [-]

I've never had that issue with Github—I think their account mixing setup reduces the amount of work I have to do to sign in 100x compared to other SSO systems I use.

magicalhippo 2 days ago | parent [-]

You must have used some weird other SSO systems is the only explanation I have.

GitHub has all the normal SSO stuff as anything else we use, but on top of the GitHub-specific account login. Everywhere else I just log in via SSO, in GitHub I log in first to GitHub (with its own MFA) and then the same SSO step as anywhere else.

nightpool 2 days ago | parent [-]

I've never had to log in to Github as part of my daily flow. Only once to set up a new computer. Are you logging in using an incognito window or something?

magicalhippo 2 days ago | parent [-]

Interesting. Perhaps it's because I'm not using GitHub daily, we're migrating to GitHub so I still do work in repos which live in the old system. Also, perhaps I'm more affected because I'm doing org admin stuff as well.