Software security starts with the developer: GitHub introduces mandatory two-factor authentication

Oct 17, 2023
Users run the risk of losing access to the code if they ignore the requirement.

GitHub announced that from January 19, 2024, users working with code on the site will be required to activate two-factor authentication (2FA). The requirement was communicated in emails sent to users on Christmas Eve.

The company emphasizes that this requirement applies to everyone who contributes code to the site. Users who have not activated 2FA by the specified deadline will face restricted access to the site. At the same time, the change will not affect business and corporate accounts.

GitHub made this decision to protect accounts from hacking and to prevent supply-chain attacks. After January 19, 2024, users who attempt to access the site without 2FA will be automatically prompted to complete the configuration.

There are several ways to activate 2FA on GitHub, including security keys, the GitHub mobile app, authenticator apps, and SMS. We recommend activating at least two of these methods to ensure continuous access. 2FA settings are available in the security section on the GitHub site.

GitHub also stresses the importance of having more than one 2FA method: if you lose access to your 2FA credentials, you can only restore access to your account using recovery codes.

Although 2FA becomes mandatory after the specified date, existing access tokens, SSH keys, and applications will continue to work. However, to create new ones or change your account settings, you will need to activate 2FA.

GitHub has provided instructions for setting up two-factor authentication.