ZDNet reports that GitHub will be requiring code developers to enable two or more forms of two-factor authentication by the end of next year as the Microsoft-owned code repository seeks to strengthen its security measures.
The recent proliferation of malicious packages in GitHub's npm registry has prompted the new security requirement. However, organizations have been given a 2023 deadline to be able to "optimize" the domain prior to the rules' implementation.
"Developers everywhere can expect more options for secure authentication and account recovery, along with improvements that help prevent and recover from account compromise," said GitHub Chief Security Officer Mike Hanley.
The development comes after new scanning functionality preventing accidental secret exposure was introduced by GitHub last month. "While we are investing deeply across our platform and the broader industry to improve the overall security of the software supply chain, the value of that investment is fundamentally limited if we do not address the ongoing risk of account compromise. Our response to this challenge continues today with our commitment to drive improved supply chain security through safe practices for individual developers," Hanley added.
Identity
GitHub to require 2FA for code developers
Share
An In-Depth Guide to Identity
Get essential knowledge and practical strategies to fortify your identity security.
Related Events
Related Terms
Basic AuthenticationBiometricsCertificate-Based AuthenticationChallenge-Handshake Authentication Protocol (CHAP)Digest AuthenticationDigital CertificateDiscretionary Access Control (DAC)Get daily email updates
SC Media's daily must-read of the most current and pressing daily news