Skip to main content

GitHub to Developers: Turn on 2FA, or Lose Access

posted onMay 4, 2022
by l33tdawg
Dark Reading
Credit: Dark Reading

Security experts have been banging the multifactor authentication drum for years, encouraging users to move away from just relying on the username/password combination to secure their most sensitive accounts. Now GitHub is done with encouraging: By the end of 2023, all users who contribute code to GitHub-hosted repositories must have one or more forms of two-factor authentication enabled, the company says.

Zero-day attacks and sophisticated exploits are scary, but social engineering and credential theft pose bigger headaches for enterprise defenders. User credentials grant attackers full access to the application and the associated data, or in case of a code repository like GitHub, visibility into source code as well as the ability to maliciously modify the code.

"This places not only the individuals and organizations associated with the compromised accounts at risk, but also any users of the affected code," says Mike Hanley, GitHub's CSO. The downstream effects of an attacker seizing control of a popular code repository is staggering, as "it can be downloaded tens of thousands of times, or hundreds of thousands of times," he says.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th