GitHub to Enforce Two-Factor Authentication for All Users
GitHub has announced that it will soon begin rolling out mandatory two-factor authentication (2FA) on developers’ accounts. The software development platform will initially email small groups of administrators and developers to notify them of the change to their accounts, and its entire 100-million-strong user base will eventually be enrolled in 2FA by the end of the year.
“GitHub has designed a rollout process intended to both minimize unexpected interruptions and productivity loss for users and prevent account lockouts,” said Staff Product Manager Hirsch Singhal and Product Marketing Director Laura Paine in a joint blog post on the company’s site.
“Groups of users will be asked to enable 2FA over time, each group selected based on the actions they’ve taken or the code they’ve contributed to.”
Once a user receives the 2FA email, they will have 45 days to set it up on their account. Users who still haven’t activated it after this point will be blocked from the full functionality of their account until they configure 2FA. To prevent any surprises, though, GitHub will keep users updated on how long they have left.
GitHub previously announced in May and December 2022 that 2FA would be coming soon, and to further prepare its users, it has also published a guide on configuring 2FA and how to recover your account should you lose your 2FA device.
2FA is a type of multi-factor authentication, an extra layer of security to make sure it is actually you who is accessing your account with your username and password. A code is sent to another one of your devices, typically your smartphone, which you input after entering your login details to authenticate your identity. For most services that use 2FA, the code can be delivered via SMS or an authenticator app. In addition to these, GitHub will also support 2FA via physical security keys and its own GitHub iOS and Android mobile apps.
GitHub, however, isn’t recommending that users opt for SMS 2FA, which is less secure than other forms because messages can be intercepted and the authentication tokens generated can be stolen. The move to enforce 2FA follows GitHub’s recent efforts to make its service more secure. The ability to authenticate Git operations with a user’s account password was revoked in 2019; users were instead required to use authentication tokens such as SSH keys, which from 2021 could be further secured with security keys.
GitHub’s decision to enforce 2FA for all users is a welcome move in the ongoing battle against cyber threats. By adding an extra layer of security, users can be confident that their accounts are better protected from unauthorized access. While the move may cause some initial inconvenience, the long-term benefits of increased security far outweigh any short-term disruption.