GitHub will require two-factor authentication for all coders

[ad_1]

GitHub is making a major push toward two-factor authentication (2FA), requiring all users who contribute code to GitHub-hosted repositories to enable one or more forms of 2FA by the end of 2023. The move will impact 83 million developers, at last count.

In explaining its reasoning, GitHub said most security breaches are not the product of exotic zero-day attacks, but rather involve lower-cost attacks like social engineering, credential theft or leakage, and other avenues that provide attackers with access to victims’ accounts. Compromised accounts can be used to steal private code or push out malicious changes to code, thus affecting application users, too. The potential for downstream impact to the broader software ecosystem and supply chain is substantial. The best defense is moving beyond password-based authentication, the company said.

GitHub already has taken steps in this direction by deprecating basic authentication for Git operations and GitHub’s REST API and requiring email-based device verification. In addition to a username and password, 2FA is a powerful next line of defense. Currently, only 16.5% of active GitHub users and 6.44% of NPM users use one or more forms of 2FA, GitHub said.

GitHub recently launched 2FA for GitHub Mobile on iOS and Android. Those who want to configure GitHub Mobile 2FA can learn how to do so from a GitHub blog post from January 2022. The company expects to provide more options for secure authentication and account recovery, along with improvements to recover from account compromise.

GitHub enrolled all maintainers of the top 100 packages in the NPM registry in mandatory 2FA in February, and enrolled all NPM accounts in enhanced log-in verification in March.

The company said all maintainers of the top 500 packages will be enrolled in mandatory 2FA on May 31. Maintainers of high-impact NPM packages, those with more than 500 dependents or one million weekly downloads, will be enrolled in 2FA in the third quarter of this year.

[ad_2]

Source link

Tags: Biggest Science And Technology Expo, Blair Technology Group Ebay Store, Blockchain Technology In Nigeria, Brockway Career And Technology Center, Communication Technology For Ell, Construction Management And Technology Articles, Cost Of Airline Technology Innovation, Curve Of Technology Expectation, D S Technology Usa, Dc Cbre Technology, Elevate Technology Solutions Hampton, Epoch Technology Consulting Contract, Famous Ted In Technology, Hao Huang Illinois Insttitue Technology, Happy Diwali Technology, Health Information Technology Across Departments, Health Information Technology Professional Networking, Holo Image Technology, Joint Engine Technology Definition, Latest End Mill Technology, Medical Technology Site:Harvard.Edu, Mental Helath Technology, Minnesota Technology Innovation Institute, Multimedia Technology Aiwa C6 Gps, North Carolina Technology Council, Performance Technology Trucking Canton Ohio, Peripheral Devices Technology In Action, Phase Technology Phase Velocity V62, Psprs Az Chief Technology Officer, Rna-Seq Technology Steps, San Francisco Technology Output, Scientific Technology Wireline, Secretly Harmful Technology, Skylake Z170 Smart Response Technology, Technology Addiction Support Group, Technology And Healthcare Jobs, Technology At Our Fingertips, Technology Based On Nature, Technology Book Bindings Manuscript, Technology Career Fair Los Angeles, Technology Data Entry Jobs, Technology Impacting Early Literacy, Technology In Education Program, Technology Is Hurting Education 217, Technology Leakage Problems, Technology Logos Man Hair, What Is It Technology Solutions, What Technology Does Belgium Have, What Technology In 10 Years, Youth Technology Leaders Of America

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30