GitHub has announced that it will soon be rolling out the mandatory use of two-factor authentication (2FA) on developer accounts.
The software development platform will initially email small groups of administrators and developers to notify them of the change to their accounts before eventually enrolling the entire 100 million user base in 2FA by the end of the year.
“GitHub has designed a rollout process designed to minimize unexpected interruptions and loss of productivity for users and prevent account lockouts,” said Staff Product Manager Hirsch Singhal and Product Marketing Director Laura Paine in a joint blog post on the company’s website.
Increase security
“Groups of users will be asked to enable 2FA over time, with each group selected based on the actions they’ve taken or the code they’ve contributed to.”
Once a user receives the 2FA email, they have 45 days to set it up on their account.
If users still haven’t activated it by then, they will lose access to the full functionality of their account until they configure 2FA. To avoid surprises, GitHub keeps users updated on how much time they have left.
GitHub previously announced in May and December 2022 that 2FA was coming soon, and to further prepare its users, it has also published a guide on how to configure 2FA and how to recover your account if you lose your 2FA device.
2FA is a form of multi-factor authentication: an extra layer of security that confirms it really is you accessing your account, beyond knowing the username and password. A one-time code is delivered to or generated on a second device, usually your smartphone, and you enter it after your credentials to verify your identity.
For most services that use 2FA, the code can be delivered via SMS or an authenticator app. In addition, GitHub also supports 2FA via physical security keys and its own GitHub iOS and Android mobile apps.
However, GitHub does not recommend that users opt for SMS 2FA, as it is less secure than the other forms: messages can be intercepted and the one-time codes they carry stolen.
The move to enforce 2FA follows GitHub’s other recent efforts to make its service more secure. Password-based authentication for Git operations was revoked in 2019, with authentication tokens or SSH keys required instead, and since 2021 those SSH keys can be further secured with physical security keys.