GitHub to mandate 2FA for all code contributors by 2023
The world’s largest development platform will require all code-contributing users to enroll in two-factor authentication by the end of 2023 to enhance software supply chain security.
GitHub has announced its largest-ever push toward two-factor authentication (2FA). The world’s leading development platform said it will require all code-contributing users to enroll in 2FA by the end of 2023 to enhance the security of developer accounts and bolster security within the software supply chain. Given the number of developers and enterprises on the platform, GitHub’s move is significant: risks surrounding software supply chains continue to threaten and expose organizations more than a year after the infamous SolarWinds Sunburst attack.
Speaking to CSO, David Sygula, senior analyst at CybelAngel, says that while GitHub’s plans to implement 2FA across its platform will significantly reduce the chances of account takeover, it doesn’t mean GitHub users will stop sharing secrets in their repository. “One of the issues is that repositories are made public; there is no need to log in, so multi-factor authentication won’t help with that. It’s a good practice, but it will be of little help in securing the supply chain.”