We're introducing GitLab in our organisation and have discussions going on, since personal access tokens are currently disabled due to lack of 2FA protection. Only SSH is available for personal usage. For M2M project and group access tokens are available. We're now comparing the risk of having personal access tokens (without 2FA) compared with loss in the developer efficiency and experience of disabling them. Would be great to hear from active GitLab users the use cases, which could not be solved by not having personal access tokens (as well not with SSH) and the impact. Currently the main arguments are (mainly based on use cases of not having GitLab VS Code Extension):
- Code Suggestions can't be used - No possibility to gain efficiency of generative AI
- Flow interruption by needing to switch to GitLab UI for...
- Security Findings (additional to flow interruption, it brings a high risk, that findings are not solved)
- Create / View merge requests (additional to flow interruption, collaboration between colleagues is more difficult)
- Pipeline actions
- Snippets (Create / Manage is possible with limited flow but insert is probably almost impossible?)
Thank you very much for sharing your experience:)