GitHub to require two-factor authentication

© iStock.

GitHub, the code hosting platform used by tens of millions of developers throughout the world, announced that users who upload code will need to enable one or more forms of two-factor authentication (2FA) before the end of 2023 to keep using the site. GitHub claims that it’s to better protect the integrity of the software development process in view of the many threats posed by malicious actors who might attempt to seize control of developers’ accounts. “Developer accounts are frequent targets for social engineering and account takeover, and protecting developers from these types of attacks is the first and most critical step toward securing the supply chain,” explains Mike Hanley, GitHub’s Chief Security Officer (CSO). Currently, only 16.5%, or one out of six active users, enable their account’s enhanced security measures. That’s not much, for a crowd that should be well aware of security issues.

⇨ The Verge, Corin Faife, “GitHub will require all code contributors to use two-factor authentication.”

2022-05-04