"GitHub to Enforce Two-Factor Authentication"

Github, a code-hosting platform used by tens of millions of software developers worldwide, is implementing mandatory two-factor authentication (2FA) for all code contributors.  Github announced that all users who upload code to the site will need to enable one or more forms of 2FA by the end of 2023 to continue using the platform.  Github noted that the move is a "part of a platform-wide effort to secure the software ecosystem through improving account security."  According to GitHub, only approximately 16.5% of its active users and 6.44% of npm (node package manager) users already use one or more forms of 2FA.  GitHub has already taken several steps beyond basic password-based authentication, including deprecating basic authentication for git operations and its API and requiring email-based device verification in addition to a username and password.  Andrew Hay, COO at LARES Consulting, branded GitHub's decision "a great move towards increasing the complexity of account takeovers."

Infosecurity reports: "GitHub to Enforce Two-Factor Authentication"