GitHub will require all users who contribute code to enable two-factor authentication by the end of 2023
By the end of 2023, GitHub will require all users who contribute code on the platform to enable one or more forms of two-factor authentication (2FA).
On May 04, the Microsoft-owned company said only 16.5% of GitHub active users and 6.44% of npm users use 2FA. That is not a lot, and frankly less than expected.
“Compromised accounts can be used to steal undisclosed private code or make malicious modifications to that code. This puts not only the individuals and organizations associated with the compromised accounts at risk, but also any users of the affected code. Therefore, the potential for downstream impact on the broader software ecosystem and supply chain is substantial,” wrote GitHub’s chief security officer Mike Hanley in today’s announcement.
He also noted that the company is working to ensure the extra layer of security doesn’t come at the expense of the user experience.
So it’s a long time from today’s announcement to when this will be enforced. “Our end-2023 target gives us the opportunity to optimize for this,” explains Hanley.
Switching to 2FA involves a series of changes to the user experience at the command line and in the GitHub web interface.
Notably, earlier this year, GitHub also introduced mandatory 2FA verification for maintainers of the top 100 npm packages to prevent software supply chain attacks.
It plans to expand to the top 500 package maintainers this month, and then to all packages with more than 500 dependencies or more than 1 million weekly downloads.