The time has come: GitHub expands 2FA requirement rollout March 13
Enlarge / A GitHub-made image accompanying all the company's communications about 2FA. (credit: GitHub)
Software development tool GitHub will require more accounts to enable two-factor authentication (2FA) starting on March 13. That mandate will extend to all developers who contribute code on GitHub.com by the end of 2023.
GitHub announced its plan to roll out a 2FA requirement in a blog post last May. At that time, the company's chief security officer said that it was making the move because GitHub (which is used by millions of software developers around the world across myriad industries) is a vital part of the software supply chain. Said supply chain has been subject to several attacks in recent years and months, and 2FA is a strong defense against social engineering and other particularly common methods of attack.
When that blog post was written, GitHub revealed that only around 16.5 percent of active GitHub users used 2FA-far lower than you'd expect from technologists who ought to know the value of it.