GitHub, the code hosting platform used by tens of millions of software developers around the world, announced that it will require two-factor authentication (2FA) for all developers who contribute code to any project on the platform. The platform-wide enforcement will begin on 13th March and the process will roll out incrementally to different groups of developers.
Approach to Enforcing Two-factor Authentication
During the initial rollout, the targeted developers will receive an email and see a banner on their GitHub dashboard asking them to sign up; they will have only 45 days to activate 2FA. If it is not configured within this period, they will be nudged to enable 2FA the next time they try to access their GitHub account. The targeted developers will be chosen on the basis of publishing frequency, whether they're administrators at enterprises, and whether they contribute to the more popular public and private repositories.
GitHub users can choose their authentication method from SMS, physical security keys, third-party authenticator apps, and the GitHub mobile app. “While we recommend using security keys and your TOTP app over SMS, allowing both at the same time helps reduce account lockout by providing another accessible, understandable 2FA option that developers can enable,” said the code hosting platform.