GitHub Makes Two-Factor Authentication Mandatory
To stop hackers from tampering with the software supply chain, GitHub will force users to adopt two-factor authentication (2FA) starting on March 13.
The requirement will first roll out to small groups of users before GitHub scales the requirement to more people as the year goes on. The goal is to make the 2FA requirement mandatory for all users before the end of 2023.
“If your account is selected for enrollment, you will be notified via email and see a banner on GitHub.com, asking you to enroll,” the company wrote in a blog post(Opens in a new window) on Thursday. “You’ll have 45 days to configure 2FA on your account—before that date nothing will change about using GitHub except for the reminders.”
GitHub originally announced the 2FA requirement last year, citing the threat of hackers hitting the software supply chain. Microsoft-owned GitHub is best known as a code repository platform, where developers can post and contribute to open-source software projects, and integrate them into their own products.
GitHub has since attracted over 100 million developers across the globe. But the platform is a ripe target for abuse. For instance, a hacker could tamper with a popular coding project on GitHub and cause it to secretly load malware onto a computer. Software developers could then inadvertently cause the malicious code to spread by incorporating it into their own products.
In addition, a hacker could break into a GitHub developer’s account to steal code on proprietary software. “Developer accounts are frequent targets for social engineering and account takeover, and protecting developers from these types of attacks is the first and most critical step toward securing the supply chain,” Mike Hanley, chief security
Read more on pcmag.com
