GitHub Announcing a major change this Wednesday (4) in an effort to improve user security. platform will require all registered developers to enable one or more forms of two-factor authentication (2FA) to access the service.
The change in usage policy is an important step towards “securing the software supply chain,” according to Mike Hanley, director of security for the code hosting platform. he stated Developer accounts are frequently the target of cyberattacks and therefore there is a need to strengthen protection.
These security breaches are mostly related to: social engineering and stealing or leaking credentialsAccording to Hanley, it allows attackers to access victims’ accounts and the resources they use. From there, cybercriminals can steal the proprietary code or make malicious changes to it, putting everyone who uses it at risk.
With that in mind GitHub, password-based basic authentication to perform certain tasks on the platform. The service has set a timeline for mandatory 2FA activation that will expire in late 2023, when all developers must enable two-factor authentication.
low commitment
Despite being a tool that provides significantly additional protection for online accounts, multi-factor authentication is still underused on GitHub. Currently, only 16.5% of active users have enhanced security enabled on their profile.
Currently, low adherence to the mechanism is one of the reasons that aggravates the necessity of 2FA on the platform. The service also has other features such as support. WebAuthn security keys and email-based device authentication.
More details on the two-factor authentication requirement and the exact timetable for deployment of the tool will be released shortly.
Source: Tec Mundo
