Starting this week, the popular developer platform GitHub will require the use of two-factor authentication (2FA) for its users. Developers working on software projects via GitHub.com will need to have set up 2FA for their accounts. The measure is intended to prevent attackers from taking over developer accounts, which they could then use to inject malware into the software projects the developers are working on.
The 2FA requirement will be phased in over the next year, which allows any necessary adjustments to be made before the measure applies to larger groups later this year. The rollout starts on Monday with a small group of administrators and developers, who will be notified that 2FA is mandatory for their accounts. Users who are notified will have 45 days to set up 2FA for their account.
Once the deadline has passed, users who have not set up 2FA will only be able to access their GitHub account by first setting up the security measure. Users who have set up 2FA will be asked by GitHub, 28 days after this period, to perform two-factor authentication and confirm their 2FA settings. This will prevent users from being locked out of their account due to incorrectly configured authenticator apps (TOTP apps).