
GitHub Starts Mandatory 2FA Rollout Early for Some Users

Monday March 13, 2023, 12:34 PM, from Slashdot
By the end of 2023, GitHub will require all code contributors to enable two-factor authentication — part of 'a platform-wide effort to secure software development by improving account security.'

But on Monday they'll start rolling it out, according to a new blog post, reaching out to 'smaller' groups of developers and administrators 'to notify them of their 2FA enrollment requirement.'

If your account is selected for enrollment, you will be notified via email and see a banner on GitHub.com, asking you to enroll. You'll have 45 days to configure 2FA on your account — before that date nothing will change about using GitHub except for the reminders. We'll let you know when your enablement deadline is getting close, and once it has passed you will be required to enable 2FA the first time you access GitHub.com.

You'll have the ability to snooze this notification for up to a week, but after that your ability to access your account will be limited. Don't worry: this snooze period only starts once you've signed in after the deadline, so if you're on vacation or out of office, you'll still get that one week period to set up 2FA when you're back at your desk....

Twenty-eight (28) days after you enable 2FA, you'll be asked to perform a 2FA check-up while using GitHub.com, which validates that your 2FA setup is working correctly. Previously signed-in users will be able to reconfigure 2FA if they have misconfigured or misplaced second factors during onboarding.

GitHub's blog post says their gradual rollout plan 'will let us make sure developers are able to successfully onboard, and make adjustments as needed before we scale to larger groups as the year progresses.' InfoWorld summarizes the options:

Users can choose between 2FA methods such as TOTP (Time-based One-Time Password), SMS (Short Message Service), security keys, or GitHub Mobile as a preferred 2FA method. GitHub advises using security keys and TOTPs wherever possible; SMS does not provide the same level of protection and is no longer recommended under NIST 800-63B, the company said.

Internally GitHub is also testing passkeys, according to their blog post. 'Protecting developers and consumers of the open source ecosystem from these types of attacks is the first and most critical step toward securing the supply chain.'

Read more of this story at Slashdot.
https://developers.slashdot.org/story/23/03/11/0244214/github-starts-mandatory-2fa-rollout-early-for...