I know it is an unpopular opinion, but it is a huge headache in general. I don't think the theoretical benefits (which make total sense) actually pay off in reality and are worth the extra headache. I'm not saying they should not have it at all, but it should be at least opt-out instead of forced.
In the case of github, I think it is part of their long drawn out plan of data collection and proprietary lock down. Next they are going to require your house address and government ID. I feel better using an free and open source platform anyway.
Well, if you use a password manager such as bitwarden you can store your 2FA one ctrl-v away. Even if this is a less secure setup, that still prevents someone eavesdropping on your password from reusing it.
Where does this even come from, passwords are increasingly insecure and adding another factor, especially authenticator codes, doesn't even require you to give up a single new piece of personal information. The entire thing is just adding a local code that your program of choice remembers and uses to generate the one-time password. No data collection, no proprietary software. Other areas might be doing bad shit for all I know, but this change is entirely a forced security measure because people are too bad at passwords.
After seing the frequent attempted logins on my Microsoft account, I'm "just" a lucky guess away from losing it if I do not have another thing blocking access.
Unless you clear cookies constantly, you need to login just once in a while, where is this huge headache?
Password get stolen, 2FA protect you from that.