GitHub Issues Compulsory 2FA Transition For Developers

Share post:

GitHub will roll out two-factor authentication to all contributing developers on its platform by the end of 2023.

GitHub began the transition in February 2022 with the registration of all maintainers of the top-100 packages on the npm registry in mandatory 2FA. However, the company stated that only 16.5% of active GitHub users and 6.44% of npm users have enabled one or more forms of 2FA.

The new 2FA requirement aims to reduce the risk of social engineering attacks, login theft, and other tactics used to gain access to developer accounts. It will also help secure the software supply chain.

According to Myles Borins, product manager at GitHub, about 88% of the top 100 maintainers have already activated 2FA.

To continue the trend of getting more participants to use multi-factor authentication, GitHub plans to register maintainers of all powerful packages, which include packages with more than 500 dependents or one million weekly downloads.

GitHub also identified recommendations to protect the software supply chain, including configuring 2FA authentication for personal accounts, connecting to GitHub using SSH keys, centralizing user authentication, configuring 2FA for organizations, and creating vulnerability programs for dependencies.

Others include securing their communication tokens, keeping vulnerable coding patterns from their repository, signing their builds, and tightening security for GitHub actions.

The sources for this piece include an article in TechRepublic.

Featured Tech Jobs


Related articles

Google delays launch of new AI model Gemini

Google's highly anticipated AI model, Gemini, has had its launch rescheduled to early 2024, as reported by The...

Canadian group gets $2.2 million to research AI threat detection for wireless networks

Ericsson Canada and three universities have been awarded funds by the National Cybersecurity

Proposed Canadian AI law ‘fundamentally flawed,’ Parliament told

A privacy lawyer said the proposed AI bill is vague and sets a dangerous precedent

Canada, U.S. sign international guidelines for safe AI development

Eighteen countries, including Canada, the U.S. and the U.K., today agreed on recommended guidelines to developers in their nations for the secure design, development, deployment, and operation of artificial intelligent systems. It’s the latest in a series of voluntary guardrails that nations are urging their public and private sectors to follow for overseeing AI in

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways