GitHub Implements Mandatory Two-Factor Authentication for Developer Safety

GitHub announced that starting January 19, 2024, users working with code on the site will be required to activate two-factor authentication (2FA). This requirement was communicated to users through letters sent on Christmas Eve.

The implementation of 2FA applies to all users who contribute code to github.com. Users who fail to activate 2FA within the specified period will experience limited access to the site. However, business and corporate accounts will not be affected by this change.

The decision to enforce 2FA was made by GitHub to enhance account security and mitigate supply chain attacks. After January 19, 2024, users attempting to access the site without 2FA will be automatically prompted to complete the setup.

GitHub offers multiple methods to activate 2FA, including security keys, the GitHub mobile application, authenticator apps, and SMS. It is recommended to enable at least two of these methods to ensure continuous access. The 2FA settings can be found in the security section on the GitHub website.

GitHub also highlights the importance of having multiple 2FA factors, as it enables account recovery in case of loss of access to the account’s 2FA data. Recovery codes are necessary to restore account access in such situations.

While 2FA will become mandatory after the specified date, existing access tokens, SSH key pairs, and applications will remain functional. However, creating new ones or making changes to account settings will require the activation of 2FA.

GitHub has provided instructions for setting up two-factor authentication; refer to them for guidance.
