Security News > 2021 > August > GitHub urges users to enable 2FA after going passwordless
GitHub urges its user base to toggle on two-factor authentication after deprecating password-based authentication for Git operations.
"If you have not done so already, please take this moment to enable 2FA for your GitHub account," the company's Chief Security Officer Mike Hanley said.
While SMS-based 2FA is also available, GitHub urges users to choose security keys or TOTPs wherever possible since SMS is less secure given that threat actors can bypass or steal SMS 2FA auth tokens.
GitHub also provides a step-by-step video guide on how you can enable your security key for SSH keys and Git commit verification.
Enforcing passwordless authentication via Git operations is important because it increases GitHub accounts' resilience against takeover attempts by preventing attackers' attempts to use stolen credentials or reused passwords to hijack accounts.
GitHub reminded users last week that account passwords will no longer be accepted for authenticating Git operations starting with August 13.