Comment by thih9
If this was within my first year of owning a GitHub account, I would absolutely fall for this.
It's not much different from setting up your ssh key - something that you have to do; and new users also go through this workflow by copy pasting commands that GitHub sends them.
A prime example how all the paranoid security hoops can easily make things more insecure in aggegate.
Since Microsoft embracing and extending it, GitHub has become one of the worst offenders.