Microsoft-owned GitHub announced that two-factor authentication (2FA) will be mandatory for all of its users to ensure maximum security of user data. The decision follows several recent high-profile security breaches that have highlighted the importance of strong online security measures.
GitHub currently has over 100 million users, and the platform recognizes the importance of keeping all user data and documents safe. To achieve this goal, the platform has made 2FA mandatory for all accounts, effective March 13, 2023.
The company has started sending emails to its administrators and developers, notifying them about the new mandatory 2FA policy. All users are required to enable 2FA on their accounts by the end of 2023.
The platform is activating 2FA for different user groups over time, depending on their actions and the code they’re currently working on. Each group has a deadline for complying with the requirement and receives a notice approximately 45 days before that deadline.
If a user misses the deadline, they will be required to enable 2FA the first time they visit GitHub each day. If they neglect to do so for a week, their access to the platform will be cut off until they activate 2FA for their account. To ensure everything is on the right track, GitHub also requires users to perform a 2FA checkup after 28 days.
GitHub allows users to choose between SMS, time-based one-time passwords (TOTP), and security keys as their preferred 2FA method. However, the platform recommends security keys and TOTP as the most secure options. SMS is less safe and no longer recommended under NIST 800-63B.
In addition to making 2FA mandatory, GitHub has also prepared detailed guidelines on how to configure 2FA and how to recover an account if a user ever loses their 2FA credentials.