Security News > 2023 > March > GitHub to introduce mandatory 2FA authentication starting March 13
Starting March 13, GitHub will gradually introduce the 2FA enrollment requirement to groups of developers and administrators, beginning with smaller groups.
In case your account is selected for enrollment, you will receive a notification via email and see a banner on GitHub.com requesting you to enroll in 2FA. You will have a 45-day window to configure 2FA on your account, and before that date, you can continue to use GitHub as usual except for the occasional reminders.
"We have seen a real trend of attackers targeting private Git repositories through targeted campaigns against developers. 2FA is a welcome step by GitHub that will positively impact code security. However, code is still a leaky asset, and organizations shouldn't rely on 2FA and instead ensure no sensitive data is stored in Git or code," Mackenzie Jackson, Developer Advocate at GitGuardian, told Help Net Security.
GitHub 2FA highlights Second-factor validation after 2FA setup.
The new preferred option empowers you to select between TOTP, SMS, security keys, or GitHub Mobile as your preferred 2FA method.
Although SMS-based 2FA is no longer recommended under NIST 800-63B, it remains a valid 2FA method.
News URL
https://www.helpnetsecurity.com/2023/03/09/github-mandatory-2fa/