GitHub to introduce two-factor authentication by 2023

GitHub.com will require 2FA by the end of 2023, as the company works to secure the software ecosystem through improved account security

GitHub has announced that developers contributing code to its platform will be required to use two-factor authentication (2FA) by the end of 2023. 

The move forms part of the Microsoft-owned company’s drive to make the software ecosystem more secure and improve individual account security.

Most security breaches involve lower-cost attacks such as social engineering or credential theft or leakage, GitHub says, which provide attackers with a broad range of access to victims’ accounts and their resources. Compromised accounts can then be used to steal private code or make malicious changes. 

Currently, just 16.5% of active GitHub users use one or more forms of 2FA, which provides a powerful next line of defense in securing critical business systems.

Back in February, the company made 2FA mandatory for all maintainers of the top-100 packages on the NPM registry, before March saw all NPM accounts automatically enrolled in enhanced login verification.

From May 31, it will be mandatory for all maintainers of the top-500 packages to use 2FA, with maintainers of high-impact packages to follow suit in Q3 of this year.

“At GitHub, we believe that our unique position as the home for all developers means that we have both an opportunity and a responsibility to raise the bar for security across the software development ecosystem,” explained Mike Hanley, GitHub’s Chief Security Officer, in a blog post.

“While we are investing deeply across our platform and the broader industry to improve the overall security of the software supply chain, the value of that investment is fundamentally limited if we do not address the ongoing risk of account compromise.”

GitHub said this push with NPM packages will help it realise its wider drive to implement mandatory 2FA across its whole platform by 2023.

“GitHub is committed to making sure that strong account security doesn’t come at the expense of a great experience for developers, and our end of 2023 target gives us the opportunity to optimize for this,” Hanley said.

“As standards evolve, we’ll continue to actively explore new ways of securely authenticating users, including passwordless authentication.”
