
Communications of the ACM

ACM Careers

GitHub Will Require All Code Contributors to Use Two-Factor Authentication


GitHub has trialed mandatory use of 2FA with contributors to JavaScript libraries distributed through NPM.

GitHub, the code hosting platform used by tens of millions of software developers worldwide, said that all users who upload code to the site will need to enable one or more forms of two-factor authentication by the end of 2023 in order to continue using the platform.

"Developer accounts are frequent targets for social engineering and account takeover, and protecting developers from these types of attacks is the first and most critical step toward securing the supply chain," GitHub's chief security officer Mike Hanley said in a blog post.

GitHub's internal research shows that only around 16.5 percent of active users currently enable the enhanced security measures on their accounts — a surprisingly low figure given that the platform's user base.

GitHub hopes the higher minimum standard of protection will boost the security of the software development community as a whole, Hanley said. "GitHub is in a unique position . . . [to] have a significant positive impact on the security of the overall ecosystem," he said.

From The Verge

