Hacker News
by coldpie 704 days ago
Yeah but my point is they probably did the other 499,990 things right, but will get no credit for it.
2 comments

This isn't an individual issue, this is an organizational systemic issue. It isn't on the individual to "do better" or not make mistakes. Even if they had made a PAT, there should be an org-level policy that PAT tokens can only last x days where x is very short (as an example, PAT tokens should be banned).
Not allowing long-lived, powerful tokens is so basic that I'm skeptical they did very much right.