GitHub steps up security for active developers – 2FA requirement coming soon

GitHub, the world’s largest cloud-based provider of software development tools and services, announced that it will soon make two-factor authentication (2FA) mandatory for active developers. Starting next week, any developer who wants to access their account at GitHub must set up 2FA to continue using the service.

Read: The FBI is investigating a data breach affecting House Representatives and staff

How this change will take place

For those unfamiliar with 2FA, it is a way to add a layer of security that requires users to prove their identity twice when logging in. It usually entails entering a password, followed by a code sent via email or text message, or generated by an app on the user’s smartphone. 

This makes it much more difficult for hackers to gain access to users’ accounts since they would need both pieces of information before they can gain access. With its new policy change, GitHub is taking an extra step towards protecting its users from cyberattacks and data breaches. 

“GitHub has designed a rollout process intended to both minimize unexpected interruptions and productivity loss for users and prevent account lockouts,” said Staff Product Manager Hirsch Singhal and Product Marketing Director Laura Paine.

“Groups of users will be asked to enable 2FA over time, each group selected based on the actions they’ve taken or the code they’ve contributed to.”

If an account is chosen for enrollment in the two-factor authentication (2FA) program, the user will receive an email notification and see a banner on Then, they have 45 days to configure 2FA on the account; however, there will be periodic reminders. 

During this time, GitHub will also send frequent updates about the deadline for enabling 2FA. Once the set timeframe has passed and they sign into, a prompt will appear to activate 2FA, and if it’s not enabled, then some features may be inaccessible.

Developers have multiple 2FA options to choose from, such as physical security keys, virtual security keys integrated with mobile devices like smartphones and laptops, Time-based One-Time Password (TOTP) authenticator applications, or the GitHub Mobile app after configuring TOTP or SMS 2FA.

The company points out that nearly 300k security incidents have been reported over the past year, underscoring how important it is for businesses and developers alike to take proactive measures to maintain secure online environments.

GitHub’s initiative also serves as a reminder that even the most seemingly mundane factors, such as online password protection, should not be taken lightly, as there are many potential vulnerabilities if left unchecked. 

Besides having strong passwords, users should also ensure any app used through their GitHub account has an up-to-date version, as outdated features pose a bigger risk regarding security flaws and exploits. As such, this move by GitHub highlights the importance of always being prepared when working digitally and staying current with the latest technologies, ensuring everything is secure, so your data and projects remain confidential and safe from malicious actors.

Keep in touch with our blog to read the latest news and innovations in the cybersecurity world. 

GitHub steps up security

Facebook: Eagle Tech Corp

Instagram: @eagletech_corp

Twitter: @eagletechcorp

LinkedIn: Eagle Tech

YouTube: Eagle Tech Corp

Cyber security & IT Managed Services

Table of Contents

Share this Article
Related Articles