The software development platform GitHub has announced additional security measures for accounts. The Microsoft-owned company will require two-factor authentication (2FA) by the end of next year, 2023, for developers who contribute code.
Only 16.5% of developers use 2FA
The Heroku and Travis CI incidents have shown the importance of GitHub account security
GitHub states that most hacking incidents rely on social engineering or credential theft, which are low-cost attacks. Introducing two-factor authentication will mostly eliminate those attacks. GitHub already supports 2FA, but it is currently optional. 16.5% of GitHub users already secure their accounts with two-factor authentication.
Two-factor authentication is currently being enforced for maintainers of the top 100 packages on the npm registry. This measure will be extended to the top 500 packages by the end of May 2022. In the third quarter of this year, all maintainers of all high-impact packages will be required to use two-factor authentication.