GitHub is bringing in mandatory 2FA

GitHub has announced it will soon be rolling out the mandatory use of two-factor authentication (2FA) on developers' accounts.

The software development platform will initially email small groups of administrators and developers to notify them of the change to their accounts, before all of them are eventually enrolled in 2FA by the end of the year.

"GitHub has designed a rollout process intended to both minimize unexpected interruptions and productivity loss for users and prevent account lockouts," said Staff Product Manager Hirsch Singhal and Product Marketing Director Laura Paine in a joint blog post on the company's site.

Boosting security

"Groups of users will be asked to enable 2FA over time, each group selected based on the actions they've taken or the code they've contributed to." 

Once a user receives the 2FA email, they will have 45 days to set it up on their account. 

If users still haven't activated it after this point, they will be blocked from the full functionality of their account until they have configured 2FA. To prevent any surprises, though, GitHub will keep users updated on how long they have left.

GitHub previously announced in May and December 2022 that 2FA would be coming soon, and to further prepare its users, it has also published a guide on configuring 2FA and how to recover your account should you lose your 2FA device.

2FA is a type of multi-factor authentication, an extra layer of security to make sure it is actually you who is accessing your account with your username and password. A code is sent to another one of your devices, typically your smartphone, which you input after entering your login details to authenticate your identity. 

For most services that use 2FA, the code can be delivered via SMS or an authenticator app. In addition to these, GitHub will also support 2FA via physical security keys and its own GitHub iOS and Android mobile apps.

GitHub, however, isn't recommending that users opt for SMS 2FA. It is less secure than other forms, because messages can be intercepted and the authentication tokens generated can be stolen.

The move to enforce 2FA follows GitHub's recent efforts to make its service more secure. Authenticating Git operations via a user's account password was revoked in 2019; GitHub instead requires the use of authentication tokens such as SSH keys, which from 2021 could be further secured by security keys.

Lewis Maddison
Staff Writer