GitHub Plans to Roll Out Mandatory 2FA to Strengthen Security
GitHub, the leading software development platform, is taking a bold step to fortify its user accounts against cyber threats.
With the rise of software supply chain attacks and growing concern about vulnerabilities across the software development ecosystem, the platform has adopted a comprehensive plan to make 2FA mandatory.
By requiring that every user account be protected by 2FA, GitHub underlines its commitment to securing both institutional and personal data from malicious actors.
John Swanson, GitHub's Director of Security Strategy, recently shared the platform's journey to 2FA at the Black Hat security conference in Las Vegas.
Although the adoption of 2FA would offer an additional layer of security, users often need to be nudged to enable the feature. Prioritizing the urgency of this implementation amidst growing threats to the software supply chain, the platform decided to mandate 2FA use.
"At the end of the day, the easiest way to compromise the software supply chain is to compromise an individual developer or engineer."
John Swanson

GitHub's Dedication To User Security
GitHub's approach to mandating 2FA reflects its dedication to user privacy and security. Unlike Apple or Google, whose ecosystems are tied to their own hardware, GitHub operates purely as a web platform.
Swanson further stressed that GitHub has more than 100 million users, and a user base of that size will have to enable 2FA sooner or later. This calls for tailored strategies to ensure a seamless transition to 2FA. Swanson also acknowledged that GitHub's global customer base uses the platform in widely varying circumstances, so the company must offer 2FA in ways that cater to different needs.
To avoid the weaknesses of SMS-based codes, the platform steers users toward stronger options. The 2FA methods GitHub offers include mobile push notification-based authentication, code-generating apps, and hardware authentication tokens.
Before rolling out the requirement, the company spent over two years researching how to improve the 2FA user experience. It also revamped the onboarding process to prevent the user misconfigurations that often led to account lockouts, placing particular emphasis on downloading backup recovery codes so that users keep access to their accounts in an emergency.
The Outcome Of GitHub's Technical Improvements
The outcome of GitHub's technical improvements looks promising. Swanson reported a 38% rise in the number of users downloading their recovery codes. In addition, support tickets involving 2FA fell by a remarkable 42%, and the platform recorded a 33% drop in attempts to recover locked accounts.
As GitHub works to roll out mandatory 2FA, it has not neglected educating its users. Over the last 45 days, users have received a series of informative emails from the platform, which, along with site banners, have notified them about the changes.
"Then they have an option right at the end of the 45 days for a one-time, seven-day opt-out if they must... But after the seven days, you are blocked from accessing github.com. There is no option for an opt-out at this point."
John Swanson

Unlike other platforms that leave some flexibility in whether users enable 2FA, GitHub is steadfast in its approach to ensuring user security. The platform aims to enforce 2FA across the board, barring exceptional accessibility concerns.
The post GitHub Plans to Roll Out Mandatory 2FA to Strengthen Security appeared first on The Tech Report.