GitHub pushes users to enable 2FA following end of password authentication for Git operations

By Jonathan Greig | August 18, 2021 — 12:10 GMT (13:10 BST) | Topic: Security

GitHub is urging its base of users to enable two-factor authentication as the platform shakes up how it protects accounts from compromise. 

“There are a number of options available for using 2FA on GitHub, including: physical security keys, such as YubiKeys; virtual security keys built-in to your personal devices, such as laptops and phones that support WebAuthn-enabled technologies, like Windows Hello or Face ID/Touch ID; Time-based One-Time Password (TOTP) authenticator apps; Short Message Service (SMS).”

Hanley added that GitHub was pushing users to take advantage of security keys or TOTPs instead of SMS, noting that SMS “does not provide the same level of protection and it is no longer recommended under NIST 800-63B.”

According to Hanley, the strongest methods involve the WebAuthn secure authentication standard, some of which may even include physical security keys. 

“We are excited and optimistic about WebAuthn, which is why we have invested early and will continue to invest in it at GitHub,” Hanley said. 

Hanley went on to explain that once a user secures their account, they can also use a GPG key stored on their security key to digitally sign their git commits. 

Mark Risher, senior director of product management for Google’s Identity and Security Platforms, told ZDNet that they were excited to see GitHub move beyond passwords and instead opt for strong authentication for secure sign in. Google has been one of the leading companies behind the effort to make passwords a thing of the past.

“Passwords alone are simply no longer enough for sensitive and high-risk activities; they’re too difficult to manage and too easy to steal,” Risher said. “Strong authentication has become not just important but essential to better protecting our accounts, so GitHub’s move is a huge step in the right direction, especially as we look toward a future without passwords.”
