Security News > 2023 > March > GitHub rolling out two-factor authentication to millions of users

Different 2FA choices, but biometrics and passkeys trump SMS. GitHub is also offering a preferred 2FA option for account login with a sudo prompt, allowing users to choose between time-based one-time passwords, SMS, security keys or GitHub Mobile.

In a move toward closing loopholes to combat threat actors, GitHub expanded its secret scanning program last fall, allowing developers to track any publicly exposed secrets in their public GitHub repository.

A spokesperson for GitHub explained that, while the company won't offer specifics on how users qualify for being part of certain groups in the 2FA cadence, the person did say groups are determined, in part, based on their impact on the security of the broader ecosystem.

The process for GitHub contributors sets several time markers for initiating 2FA around a soft deadline.

GitHub contributors selected for a pending 2FA group will get advance notification by email 45 days before the deadline, informing them of the deadline and offering guidance on how to enable 2FA. Once the enablement deadline passes.

Users will receive a 2FA "Check-up" while using GitHub.com, which validates that their 2FA setup is working correctly.

News URL

https://www.techrepublic.com/article/github-rolling-out-2fa/