Skip to content
  • Home
  • Emerging Technology & News
  • Computer Help
  • Privacy and Security
  • Reimage Windows Repair
The Reimage Blog
Menu
  • Home
  • Emerging Technology & News
  • Computer Help
  • Privacy and Security
  • Reimage Windows Repair
Facebook Twitter
Home  /  Privacy and Security  /  GitHub Makes Two-Factor Authentication Mandatory
PostedinPrivacy and Security Posted on March 13, 2023

GitHub Makes Two-Factor Authentication Mandatory

Posted By Shannon.Smith

GitHub is instituting the requirement to help protect the open-source software supply chain from malicious threats. But the rollout will be gradual.

To stop hackers from tampering with the software supply chain, GitHub will force users to adopt two-factor authentication (2FA) starting on March 13. 

The requirement will first roll out to small groups of users before GitHub scales the requirement to more people as the year goes on. The goal is to make the 2FA requirement mandatory for all users before the end of 2023.

“If your account is selected for enrollment, you will be notified via email and see a banner on GitHub.com, asking you to enroll,” the company wrote in a blog post on Thursday. “You’ll have 45 days to configure 2FA on your account—before that date nothing will change about using GitHub except for the reminders.” 

GitHub Timeline on the 2FA requirement.
GitHub 2FA prompt | Credit: GitHub

GitHub originally announced the 2FA requirement last year, citing the threat of hackers hitting the software supply chain. Microsoft-owned GitHub is best known as a code repository platform, where developers can post and contribute to open-source software projects, and integrate them into their own products.   

GitHub has since attracted over 100 million developers across the globe. But the platform is a ripe target for abuse. For instance, a hacker could tamper with a popular coding project on GitHub and cause it to secretly load malware onto a computer. Software developers could then inadvertently cause the malicious code to spread by incorporating it into their own products. 

In addition, a hacker could break into a GitHub developer’s account to steal code on proprietary software. “Developer accounts are frequent targets for social engineering and account takeover, and protecting developers from these types of attacks is the first and most critical step toward securing the supply chain,” Mike Hanley, chief security officer for GitHub, wrote in May. 

2FA (aka multi-factor authentication) can stymie hackers since it forces anyone signing into an account to supply both the correct password and a one-time passcode generated on the original account holder’s phone. This can make it harder, but not impossible, for an attacker to break in. 

RECOMMENDED BY OUR EDITORS

GitHub users looking to activate the 2FA before March 13 can go to their account settings. The platform offers 2FA through an authenticator app, a security key, and via SMS, although GitHub strongly recommends users drop the SMS option. Over the years, hackers have shown they can steal the one-time passcode generated over SMS by performing SIM swapping attacks on the victim’s phone number. Doing so can allow a hacker to intercept phone calls and SMS messages sent to the device. 

Still, GitHub decided to keep the SMS-based 2FA as an option for users worried about being locked out of their accounts. The platform added: “You can now have both an authenticator app (TOTP) and an SMS number registered on your account at the same time. While we recommend using security keys and your TOTP app over SMS, allowing both at the same time helps reduce account lock out by providing another accessible, understandable 2FA option that developers can enable.”

Written by Michael Kan
Source: PCMag.com
Featured Image Credit: Photo Illustration by Pavlo Gonchar/SOPA Images/LightRocket via Getty Images

Share on Facebook Share on Twitter
Previous Article
FlexClip review
Next Article
Google One Review

About Author

Shannon.Smith

Related Posts

  • CISA: Do these three things to toughen up your network against hackers

    March 17, 2023
  • Is Windows 11 spying on you? New report details eye-opening levels of telemetry

    February 9, 2023
  • ION Group ransomware attack affects trading across the world

    February 6, 2023
Scan Now

Categories

  • Business
  • Computer Help
  • Emerging Technology & News
  • Privacy and Security
  • Reviews

Reviews

Reimage Social

Security

Popular Posts

  • PCWorld calls Reimage “A Fantastic Repair Utility “ July 26, 2011 Reviews
  • 4 Ways to Keep the Ghouls & Goblins Away From Your PC October 26, 2010 Archive
  • The PC Key to Happiness – A Properly Maintained OS September 2, 2010 Archive
  • Google says hacked websites were attacking iPhones for years September 12, 2019 Privacy and Security

Random Posts

  • Reimage is a 'Cool Vendor' says Leading Industry Analyst Firm April 9, 2009 Archive
  • How to use Skype Meet Now for quick virtual meetings April 21, 2020 Computer Help
  • Apple acquires Fleetsmith, a company that streamlines deployment of Apple devices in the workplace June 25, 2020 Business
  • Now, That’s a Flex! First Look at Lenovo’s Rolling Laptop and Phone Screens February 27, 2023 Reviews
© Copyright 2019
We use cookies to ensure that we give you the best experience on our website.Ok