
GitHub to introduce two-factor authentication by 2023

GitHub will require 2FA by the end of 2023, as the company works to secure the software ecosystem through improved account security

5 May 2022

GitHub has announced that developers contributing code to its platform will be required to use two-factor authentication (2FA) by the end of 2023.

The move forms part of the Microsoft-owned company’s drive to make the software ecosystem more secure and improve individual account security.

Most security breaches involve lower-cost attacks such as social engineering or credential theft or leakage, GitHub says, which provide attackers with a broad range of access to victims’ accounts and their resources. Compromised accounts can then be used to steal private code or make malicious changes.




Currently, just 16.5% of active GitHub users use one or more forms of 2FA, which provides a powerful next line of defense in securing critical business systems.

Back in February, the company made 2FA mandatory for all maintainers of the top 100 packages on the NPM registry, before March saw all NPM accounts automatically enrolled in enhanced login verification.

From 31 May, it will be mandatory for all maintainers of the top 500 packages to use 2FA, with maintainers of high-impact packages to follow suit in Q3 of this year.

“At GitHub, we believe that our unique position as the home for all developers means that we have both an opportunity and a responsibility to raise the bar for security across the software development ecosystem,” explained Mike Hanley, GitHub’s chief security officer, in a blog post.

“While we are investing deeply across our platform and the broader industry to improve the overall security of the software supply chain, the value of that investment is fundamentally limited if we do not address the ongoing risk of account compromise.”

GitHub said this push with NPM packages will help it realise its wider drive to implement mandatory 2FA across its whole platform by 2023.

“GitHub is committed to making sure that strong account security doesn’t come at the expense of a great experience for developers, and our end of 2023 target gives us the opportunity to optimise for this,” Hanley said.

“As standards evolve, we’ll continue to actively explore new ways of securely authenticating users, including passwordless authentication.”

© Dennis Publishing
