
Microsoft is planning to make some changes to the existing authentication policies on its GitHub platform. The company has announced that it will require all developers contributing code to the service to enroll in at least one form of two-factor authentication (2FA) by the end of 2023.
GitHub is a popular cloud-based service that allows developers to store, track and collaborate on open-source software projects. The Microsoft-owned code platform has more than 83 million users worldwide. However, there have been previous security incidents in which attackers managed to compromise open-source repositories. Microsoft hopes that its new 2FA mandate will help improve the overall security of the software development process.
“Compromised accounts can be used to steal private code or push malicious changes to that code. This places not only the individuals and organizations associated with the compromised accounts at risk, but also any users of the affected code. The potential for downstream impact to the broader software ecosystem and supply chain as a result is substantial,” explained Mike Hanley, Chief Security Officer at GitHub.
According to Microsoft, 2FA can provide developers with an additional layer of protection against increasing security threats. However, Microsoft’s researchers have found that only 16.5 percent of active GitHub users and 6.44 percent of NPM users currently have one or more forms of 2FA enabled on their accounts.
It is important to note that GitHub had previously dropped support for basic authentication and has already moved to modern authentication mechanisms (such as OAuth or access tokens). Additionally, contributors who have not enabled 2FA are required to use email-based device verification.
Microsoft notes that it will ensure that the new security measures don’t impact the user experience on GitHub. The company expects its developers to have enough time to optimize the platform before the new policy goes into effect in late 2023. Meanwhile, GitHub also plans to give users more account recovery and secure authentication options.
Do you think these extra security measures will help developers block social engineering and software supply chain attacks? Sound off in the comments section below.
More from Rabia Noureen
Copyright ©2019 BWW Media Group