GitHub says 2FA is mandatory for developer’s accounts
According to a recent report by TechRadar, GitHub has made it compulsory for all accounts to apply two-factor authentication. Reportedly, GitHub has made it mandatory for accounts that should be followed by the end of 2023.
We know that GitHub is one of the main sites for developers regarding software development. Currently, the platform holds 100 million users. for this reason, there need to be proper security measures in order to ensure that everything is safe. Reportedly, the platform has sent emails to administrators and developers to update them about the 2FA settings. Where normal users are required to follow the new rule by 2023’s end.
The blog post of the company indicates that the GitHub 2FA has begun on March 13. Developers need to turn on one form of 2FA for their accounts. Furthermore, the platform clarifies the recent strategy by saying that it intends to reduce sudden disruptions and yield loss for users and prevent account lockouts.”
The requirement for activation of 2FA for GitHub accounts varies for different user groups. Target groups are selected based on their actions and the code that they are working on. Every group is presented with a deadline. Prior to the deadline, the platform shares a notice approximately 45 days before. In case, if the deadline is missed, users will be asked for 2FA by the time they visit GitHub daily. If this is not the case, access to the platform will be denied until or unless users activate the 2FA feature for their account.
Furthermore, the platform asks users to perform a 2FA checkup after an interval of 28 days to make sure that everything is safe and secure. Besides this, the platform offers the users three different 2FA methods i.e.,
- security keys
- time-based one-time password (TOTP)
Do note that the platform recommends security keys and TOTPs. SMS is considered less safe. For this reason, it is not recommended under NIST 800-63B. In addition to this, the platform has outlined a guideline regarding the configuration of 2FA and instructions about how to retrieve your account in case a user loses 2FA credentials.
Brian is the news author at Research Snipers which mainly covers Technology News, Microsoft News, Google News, Facebook, Apple, Huawei, Xiaomi, and other tech news.