GitHub announced that starting March 13, all contributing developers will be required to enable two-factor authentication (2FA). According to the company, this is an initiative to secure software development and supply chains.
"GitHub is at the heart of the software supply chain, and securing the software supply chain starts with developers," GitHub said in its latest blog. "Our 2FA program is part of a platform-wide effort to protect software development by improving account security. Developer accounts are often targeted by social engineering and account takeovers (ATOs). Protecting developers and consumers in the open source ecosystem from such attacks is the first and most critical step in ensuring supply chain security."
Implementation of the 2FA requirements will be gradual, with the company saying it will first reach out to smaller groups of developers and administrators. Additionally, developer groups will be selected "based on the actions they take or the code they contribute," according to GitHub. This will continue next year.
Those selected will be notified via email and will also see a registration banner on GitHub.com. Once notification begins, developers will have 45 days to set up their 2FA. According to GitHub, this period will be extended for another week, but account access will be restricted at that time. For this reason, those who are notified of the new security requirements in advance are advised to set up their 2FA as soon as possible.
The company also encourages contributors who fall under the new requirements to choose a more secure 2FA method instead of SMS.
"We strongly recommend using security keys and TOTP whenever possible," the blog reads. "SMS-based 2FA does not provide the same level of protection, and NIST 800-63B no longer recommends it. The strongest methods that are widely available are those that support the WebAuthn secure authentication standard. These methods include physical security keys, as well as support for Windows Hello or personal devices with technologies such as Face ID/Touch ID."