GitHub to introduce two-factor authentication by 2023
GitHub.com will require 2FA by the end of 2023, as the company works to secure the software ecosystem through improved account security
GitHub has announced that developers contributing code to its platform will be required to use two-factor authentication (2FA) by the end of 2023.
The move forms part of the Microsoft-owned company’s drive to make the software ecosystem more secure and improve individual account security.
Most security breaches involve lower-cost attacks such as social engineering or credential theft or leakage, GitHub says, which provide attackers with a broad range of access to victims’ accounts and their resources. Compromised accounts can then be used to steal private code or make malicious changes.
Currently, just 16.5% of active GitHub users use one or more forms of 2FA, which provides a powerful next line of defense in securing critical business systems.
Back in February, the company made 2FA mandatory for all maintainers of the top-100 packages on the NPM registry, and in March all NPM accounts were automatically enrolled in enhanced login verification.
From May 31, it will be mandatory for all maintainers of the top-500 packages to use 2FA, with maintainers of high-impact packages to follow suit in Q3 of this year.
“At GitHub, we believe that our unique position as the home for all developers means that we have both an opportunity and a responsibility to raise the bar for security across the software development ecosystem,” explained Mike Hanley, GitHub’s Chief Security Officer, in a blog post.
“While we are investing deeply across our platform and the broader industry to improve the overall security of the software supply chain, the value of that investment is fundamentally limited if we do not address the ongoing risk of account compromise.”
GitHub said this push with NPM packages will help it realise its wider drive to implement mandatory 2FA across its whole platform by 2023.
“GitHub is committed to making sure that strong account security doesn’t come at the expense of a great experience for developers, and our end of 2023 target gives us the opportunity to optimize for this,” Hanley said.
“As standards evolve, we’ll continue to actively explore new ways of securely authenticating users, including passwordless authentication.”