Two Factor Authentication on GitHub will Become Mandatory in 2023

GitHub announces that it is introducing new rules regarding security and two-factor authentication (2FA). By the end of 2023, all users contributing code to the platform will be required to enable two-factor authentication on their accounts.

Platform representatives write that GitHub is “the home of all developers” and is in a unique position that allows it to “raise the bar for security in the software development ecosystem.”

With supply chain attacks on the rise lately, GitHub has made the decision to make 2FA mandatory by the end of 2023 to ensure the best possible security for all developer accounts on and prevent other repositories from being hacked.

The new rules will apply to all active contributors, including GitHub users who commit code, use Actions, use pull requests, and publish packages. Developers will be able to use one or more two-factor authentication options, including hardware and virtual security keys (including those built into devices such as phones and laptops), as well as TOTP applications and SMS messages. However, GitHub does not recommend using the latter option, since bypassing or stealing authentication tokens from SMS is not so difficult.

According to official statistics, currently, only 16.5% of active GitHub users and 6.44% of npm users use 2FA in some form.

Team ONH
Team ONH
We at OurNetHelps share with you the latest news, how-to guide, tips, and tricks.

Latest Articles