GitHub users will be required to use two-factor authentication by 2023

By the end of 2023, all users who contribute to GitHub will be required to use two-factor authentication (2FA) on their respective accounts, the platform announced Wednesday.

An estimated 83 million users will have to enable it, a group that includes, but is not limited to, users who commit code, use Actions, open or merge pull requests, or publish packages.

Physical security keys, virtual security keys embedded in devices such as phones and laptops, or Time-Based One-Time Password (TOTP) authenticator applications can be used.

While it is permissible to use one or more authentication options, GitHub insists that SMS-based 2FA, despite being an option in some countries, be replaced by security keys or TOTPs, as threat actors can bypass SMS-based 2FA or steal authentication tokens delivered by SMS.

As with the GitHub.com organization, business owners can also require the use of 2FA from members of their organizations and companies, according to Platform Security Director Mike Hanley. “Note that organization members and business owners who do not use 2FA will be removed from the organization or business when these settings are enabled,” he warns.

By enforcing the use of 2FA to access accounts, the platform wants to increase resistance to intrusion attempts, such as the use of stolen credentials or reused passwords in hijacking attacks.

The measure is not new. In 2019, GitHub announced a requirement for email-based device verification and temporary account passwords to authenticate operations on the hosting platform. In November 2020, it disabled password authentication for the REST API, and six months later it added support for FIDO2 security keys to protect SSH Git operations.

Two-factor authentication, login alerts, blocking the use of compromised passwords, and WebAuthn support have also been added over the years.

In the announcement, Hanley noted that “only approximately 16.5% of active GitHub users and 6.44% of npm users use one or more forms of 2FA.”

Multi-Factor Authentication on GitHub: How to Configure, Recover, and Disable

GitHub provides detailed information on how to configure 2FA for your GitHub account, recover accounts after losing 2FA credentials, and disable 2FA for personal accounts.

Via BleepingComputer
