GitHub announced a major change on Wednesday to improve user security. The platform requires all registered developers to enable one or more forms of two-factor authentication (2FA) to access the service.
According to Mike Hanley, director of code hosting platform security, the change in usage policy is an important step for “software supply chain security.” He stated that developer accounts have become frequent targets of cyberattacks, and that stronger protection is therefore necessary.
According to Hanley, these security breaches mostly involve social engineering and the theft or leakage of credentials, which allow attackers to gain access to victims’ accounts and the resources they use. From there, cybercriminals can steal private code or make harmful changes to it, putting everyone who uses it at risk.
With this in mind, GitHub has decided to discontinue basic password-based authentication for certain tasks on the platform. The service has set a schedule for mandatory 2FA activation that ends at the end of 2023, by which time all developers must have two-factor authentication enabled.
Although multi-factor authentication provides significant additional security for online accounts, it is still underused on GitHub. Currently, only 16.5% of active users have enhanced security enabled on their profiles.
The current low adoption of the mechanism is one of the reasons for making 2FA mandatory on the platform. The service also has other features such as support for WebAuthn security keys and email-based device verification.
More details on the two-factor authentication requirements and the full rollout schedule for the tool will be posted shortly.