GitHub Issues 2FA Security Warning As Deadline Approaches, What You Need To Know

GitHub is looking to secure the software supply chain by requiring all developers using the platform to protect their accounts with two-factor authentication (2FA). Developers will need to enable the security feature by the end of 2023. The company states that “GitHub is committed to making sure that strong account security doesn’t come at the expense of a great experience for developers, and our end of 2023 target gives us the opportunity to optimize for this.”

Developers are now frequently the target of attackers looking to compromise software. According to GitHub, the majority of compromises have been achieved through social engineering or by taking advantage of credential theft and leakage. The use of two-factor authentication will greatly reduce the effectiveness of these types of attacks.

However, despite the effectiveness of securing accounts with two-factor authentication, not enough users are actually enabling the security feature. GitHub states that “2FA adoption across the software ecosystem remains low overall. Today, only approximately 16.5% of active GitHub users and 6.44% of npm users use one or more forms of 2FA.”

Individual users can begin securing their accounts by using the GitHub mobile app on iOS and Android. Meanwhile, organizations and enterprises can enable two-factor authentication for members by making the appropriate changes in settings or policies. GitHub has documentation available for organizations and enterprises looking to make these changes.

Security will continue to be a point of emphasis in the coming years as attackers don’t seem to be slowing down. Seeing GitHub provide these tools for developers is a great start to securing software, and having it be a requirement will go a long way towards ensuring developers actually use it.