Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

GitHub to roll out 2-factor authentication this month

Code hosting service GitHub has announced it will be rolling out two-factor authentication on 13 March.

user icon David Hollingworth
Fri, 10 Mar 2023
GitHub to roll out 2-factor authentication this month
expand image

The new feature will roll out across a select number of users at first, though anyone who wants to activate it now can opt in.

“This gradual rollout will let us make sure developers are able to successfully onboard,” GitHub said in its announcement, “and make adjustments as needed before we scale to larger groups as the year progresses”.

After the email, developers will have 45 days to configure their accounts. GitHub will still work as normal during that period, though it will provide periodical reminders. If a developer fails to set things up, they’ll be required to do so the next time they log in.

============
============

This can be snoozed, but only for a week from the date of logging in, after which account access will be limited.

“If you’re on vacation or out of office,” GitHub said, “you’ll still get that one-week period to set up 2FA when you’re back at your desk”.

GitHub’s been working on the rollout since it was announced last year and has baked in a lot of configuration options.

Once signed up, developers will get a 28-day reminder to check their configuration, just to make sure everything is set up as they wish. There’ll also be a shortcut to reset things if the settings don’t work.

On top of that, accounts will also have multiple ways to authenticate, either via an authenticator or SMS. Developers can also set up their preferred authentication method. And if all else fails, and a developer cannot log into their account after getting their settings wrong, not all is lost — they can simply unlink their account email.

“If you’re unable to find an SSH key, PAT, or a device that’s been previously signed into GitHub to recover your account, it’s easy to start fresh with a new GitHub.com account and keep that contribution graph rightfully green,” GitHub said.

Anyone wanting to get a head start on 2FA can sign up here.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.