GitHub Issues Compulsory 2FA Transition For Developers

Share post:

GitHub will roll out two-factor authentication to all contributing developers on its platform by the end of 2023.

GitHub began the transition in February 2022 with the registration of all maintainers of the top-100 packages on the npm registry in mandatory 2FA. However, the company stated that only 16.5% of active GitHub users and 6.44% of npm users have enabled one or more forms of 2FA.

The new 2FA requirement aims to reduce the risk of social engineering attacks, login theft, and other tactics used to gain access to developer accounts. It will also help secure the software supply chain.

According to Myles Borins, product manager at GitHub, about 88% of the top 100 maintainers have already activated 2FA.

To continue the trend of getting more participants to use multi-factor authentication, GitHub plans to register maintainers of all powerful packages, which include packages with more than 500 dependents or one million weekly downloads.

GitHub also identified recommendations to protect the software supply chain, including configuring 2FA authentication for personal accounts, connecting to GitHub using SSH keys, centralizing user authentication, configuring 2FA for organizations, and creating vulnerability programs for dependencies.

Others include securing their communication tokens, keeping vulnerable coding patterns from their repository, signing their builds, and tightening security for GitHub actions.

The sources for this piece include an article in TechRepublic.

SUBSCRIBE NOW

Related articles

WordPress Co-Founder Warns Lawsuits Could Kill WordPress.org

WordPress co-founder Matt Mullenweg has warned that ongoing lawsuits stemming from his conflict with hosting provider WP Engine...

Anthropic’s AI Agents Take a Big Leap: Direct Computer Control

Anthropic has unveiled a groundbreaking capability for its Claude large language model: the ability to directly interact with...

AI Agents Could Surpass Humans as Primary App Users by 2030, Accenture Predicts

AI agents are poised to transform the way we interact with digital systems, potentially becoming the primary users...

Linux Foundation Launches Initiative to Make Chromium Truly Open Source

The Linux Foundation has announced a new initiative to reduce Google's control over Chromium, the open-source browser engine...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways