by cstejerean 3401 days ago
That's what people used to do before because there were no good options to provision separate work accounts for people. With the new for business model I'm guessing we'll see people being issued work accounts and keeping their personal GitHub accounts completely separate, which might be a good thing.

Developers have the same identity no matter who they work for.

It makes sense to separate access ("this person has access to Example Corp's repos only as long as they work for Example Corp") from identity ("this person owns this account").

Introducing single sign-on as one way to simplify login, and potentially as a second factor for gaining access to repositories run by the business, makes sense. Making developers create entirely separate accounts doesn't.

But it's not just about having access to Example Corp. If I log in to GitHub from my work laptop, then my company technically has access to my personal GitHub account and the repos of any other organization I happen to belong to. It goes the other way around too. If an attacker hacks my personal laptop and I'm logged into GitHub, then they have access to all of my company's repositories.

There are perfectly valid reasons for segregating accounts so that there is complete separation between them.

Your company only manages your membership in the GitHub organization. It doesn't have access to your personal account or the details within it.
It does if I am logged in on a company laptop and they control access to that laptop. (This is hypothetical in this case, I happen to know that the particular company I work at does not have any backdoors on my laptop).
That's why I'm saying it may make sense to separate identity from access.
It is the first scenario, not the second. The person is gaining access to the GitHub organization via SAML SSO. They are bringing their own identity and do not lose access.