It is no secret that cybersecurity is of utmost importance in the ever-evolving digital world that we now live in. Now, GitHub is taking a big step towards protecting its 100 million developer users by requiring two-factor authentication (2FA) for all contributors to its code-hosting platform.
As outlined in a statement back in May 2021, GitHub intends to make 2FA mandatory by the end of 2023. The process started earlier in the year with the top 100 packages, followed by other “high-impact” packages with more than 1 million weekly downloads or more than 500 dependents.
Come the 13th of March (2023), all developers on the platform who contribute code to any project will be subject to two-factor authentication. The enforcement will roll out incrementally throughout the rest of the year, as GitHub starts sending developers targeted emails and prompts on their dashboard asking them to sign up. Developers need to activate 2FA within the set 45-day period; if they do not, they will be unable to access their GitHub account.
Currently, developers have four 2FA mechanisms to choose from: SMS, physical security keys, third-party authenticator apps, and the GitHub mobile app. Given the importance of remaining protected, GitHub advises that people should have more than one method activated as a fail-safe measure.
Interestingly, it doesn’t just end here. After 28 days, there is a validation process to prevent developers from getting locked out of their accounts due to misconfigured devices or apps, or an incorrect mobile phone number.
For many, the issue of security has been a cause for concern, especially against the backdrop of high-profile attacks in the past couple of years. It’s even more concerning given the use of open source software, which most software contains at least some form of. With the handiwork of developers (who are usually working for no financial support) at stake, GitHub’s latest move is set to go some way in reducing the vulnerability of the platform.
This important step taken by GitHub is essential to ensuring security across the global software supply chain and is set to lay the foundations for future success. However, one cannot ignore the importance of contributions from people worldwide and their commitment to safety!
It goes without saying that everybody has a part to play in keeping the world wide web secure, so make sure your account is safe by enabling two-factor authentication. So what are you waiting for? It only takes a couple of minutes and makes the internet a better and safer place!