Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Introduce a "confirm identity" tab #5071
Currently when changing email or password we request the user to provide their password.
So instead of just requiring password on all of these tabs we can introduce a "recently authenticated" concept, where we would require the user to have provided their password (or 2FA if activated) authentication within the last 10 minutes (arbitrary time frame that I picked) to be able to edit their data.
In my opinion this is slightly better than providing the password for all changes.
Friendly ping @jfly @lgarron @jonatanklosko.