GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication on their accounts.
In emails sent to GitHub users on Christmas Eve, the company warned that all users contributing code on GitHub.com must enable 2FA by January 19th, 2024.
This same warning is shown on the GitHub site after logging into your account, as shown below.
If you write or manage code on GitHub, this will apply to you.
The company has made this decision to protect accounts from being breached and code altered in supply chain attacks.
This change is only for GitHub.com, not for business or enterprise accounts.
If you haven't set up 2FA by the deadline, you'll find your access to GitHub limited.
GitHub has instructions to help you configure it easily.
After the January 19th deadline, users attempting to access GitHub.com without 2FA will be automatically directed to complete the setup.
Even after 2FA becomes mandatory, any configured Personal Access Tokens, SSH keys, and apps will still work.
If you want to make new ones or change your account settings, you must enable 2FA on the account.
GitHub offers various methods for enabling 2FA, catering to user preferences regarding using security keys, GitHub Mobile, authenticator apps, and SMS text messages.
To guarantee continuous access, activating at least two of these methods is recommended.
Users can manage their 2FA settings and explore additional methods in their security settings on GitHub.
If you've already enabled 2FA before January 19th, 2024, you're all set.
You can't turn off 2FA, but you can change your configured verification methods.
If you lose all your 2FA options, the only way back into your account is with your recovery codes.
New phishing attack steals your Instagram backup codes to bypass 2FA. Okta one-time MFA passcodes exposed in Twilio cyberattack.
Microsoft discovers critical RCE flaw in Perforce Helix Core Server.
Microsoft disrupts cybercrime gang behind 750 million fraudulent accounts.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 26 Dec 2023 21:06:28 +0000