First, they restricted code search without logging in so I’m using sourcegraph But now, I cant even view discussions or wiki without logging in.

It was a nice run

  • mozz@mbin.grits.dev
    link
    fedilink
    arrow-up
    0
    ·
    10 months ago

    I’m still stuck on why I have to create a password-equivalent API token, and then store it on my hard drive if I want an at-all-convenient workflow.

    “We made it more secure!”

    “How is storing it on my hard drive more secure”

    “Just have it expire after a week!”

    “How is it more secure now, seems like now there are two points of failure in the system, and anyway I keep hearing about security problems in github which this hasn’t been a solution to any of them”

    “SHUT UP THAT’S HOW”

    • ISometimesAdmin@the.coolest.zone
      link
      fedilink
      arrow-up
      1
      ·
      10 months ago

      An API token is more secure than a password by virtue of it not needing to be typed in by a human. Phishing, writing down passwords, and the fact that API tokens can have restricted scopes all make them more secure.

      Expiration on its own doesn’t make it more secure, but it can if it’s in the context of loading the token onto a system that you might lose track of/not have access to in the future.

      Individual API tokens can also be revoked without revoking all of them, unlike a password where changing it means you have to re-login everywhere.

      And that’s just the tip of the iceberg. Lmk if you have questions, though.