GitHub to introduce two-factor authentication by 2023

GitHub.com will require 2FA by the end of 2023, as the company works to secure the software ecosystem through improved account security

GitHub has announced that developers contributing code to its platform will be required to use two-factor authentication (2FA) by the end of 2023. 

The move forms part of the Microsoft-owned company’s drive to make the software ecosystem more secure and improve individual account security.

Most security breaches involve lower-cost attacks such as social engineering or credential theft or leakage, GitHub says, which provide attackers with a broad range of access to victims’ accounts and their resources. Compromised accounts can then be used to steal private code or make malicious changes. 

Currently, just 16.5% of active GitHub users use one or more forms of 2FA, which provides a powerful next line of defense in securing critical business systems.

Back in February, the company made 2FA mandatory for all maintainers of the top-100 packages on the NPM registry, and in March all NPM accounts were automatically enrolled in enhanced login verification.

From May 31, it will be mandatory for all maintainers of the top-500 packages to use 2FA, with maintainers of high-impact packages to follow suit in Q3 of this year.

“At GitHub, we believe that our unique position as the home for all developers means that we have both an opportunity and a responsibility to raise the bar for security across the software development ecosystem,” explained Mike Hanley, GitHub’s Chief Security Officer, in a blog post.

“While we are investing deeply across our platform and the broader industry to improve the overall security of the software supply chain, the value of that investment is fundamentally limited if we do not address the ongoing risk of account compromise.”

GitHub said this push with NPM packages will help it realise its wider drive to implement mandatory 2FA across its whole platform by 2023.

“GitHub is committed to making sure that strong account security doesn’t come at the expense of a great experience for developers, and our end of 2023 target gives us the opportunity to optimize for this,” Hanley said.

“As standards evolve, we’ll continue to actively explore new ways of securely authenticating users, including passwordless authentication.”
