Raising the Bar for Software Security: GitHub 2FA Begins March 13
guest reader writes:
On March 13, we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
GitHub is central to the software supply chain, and securing the software supply chain starts with the developer. Our 2FA initiative is part of a platform-wide effort to secure software development by improving account security. Developers' accounts are frequent targets for social engineering and account takeover (ATO). Protecting developers and consumers of the open source ecosystem from these types of attacks is the first and most critical step toward securing the supply chain.
[...] If your account is selected for enrollment, you will be notified via email and see a banner on GitHub.com, asking you to enroll. You'll have 45 days to configure 2FA on your account - before that date nothing will change about using GitHub except for the reminders. We'll let you know when your enablement deadline is getting close, and once it has passed you will be required to enable 2FA the first time you access GitHub.com. You'll have the ability to snooze this notification for up to a week, but after that your ability to access your account will be limited.
So, what if you're not in an early enrollment group but you want to get started? Click here and follow a few easy steps to enroll in 2FA.
[...] You can choose between TOTP, SMS, security keys, or GitHub Mobile as your preferred 2FA method.
Recent GitHub security incidents:
GitHub says hackers cloned code-signing certificates in breached repository (1/30/2023)
Slack's private GitHub code repositories stolen over holidays (1/5/2023)
Okta's source code stolen after GitHub repositories hacked (12/21/2022)
Read more of this story at SoylentNews.