GitHub will require two-factor authentication starting next week

From next Monday (13), HE GitHub will require the use of two-factor authentication (2FA). Initially, the feature will be available to a select group of developers and will be available to the remaining users later this year.

According to the platform, GitHub is the hub of an open source software supply chain. For this reason, For accounts that are often the target of social engineering and other cyberattacks, it is very important to raise the level of security..

briefly, selected users will receive an email from GitHub with instructions to enable 2FA. Then the developer person will have 45 days to configure the account with an authentication app (e.g. Google Authenticator).

After the stipulated time, unregistered developers will have limited access to account functions. If the professional is on vacation or out of the office during the period, the enrollment may be delayed and then take place within a week.

GitHub states that 28 days after you enable the security feature, you will be asked for 2FA verification to use the platform. In case of registration errors or loss of the second factor, this allows the person to reconfigure the functionality of the account.

Besides, Developers and owners of critical repositories will be able to select a group of participants to enable 2FA. These contacts will also receive an email and will need to perform the same actions outlined above.

More security, more productivity

As mentioned, the deployment of the 2FA role on GitHub will be gradual. The platform reports that the process is planned to “avoid account blocking, while minimizing unexpected outages and loss of productivity.”

Therefore, registration is expected to be “as easy as possible using reliable and secure methods”. As a result, developers will make sure that accounts will only be accessed by account holders.

For accounts that are not part of the initial 2FA enrollment group, GitHub allows you to complete the process individually.. Next, users must enter the page dedicated to the security feature and follow the instructions (in English).

Finally, platform reveals running internal tests with format Google Pass Key to provide even more secure and phishing-proof authentication. However, there is no information on when the feature will be available.