

your account is selected for enrollment, you will receive an email and see a banner requesting you to enroll. The gradual rollout will start … with GitHub reaching out to smaller groups of administrators and developers via email and will speed up as the end of the year approaches. …

This is the company's latest move towards securing the software supply chain by moving away from basic password-based authentication. GitHub will start requiring active developers to enable two-factor authentication (2FA) on their accounts.

What’s the craic? Sergiu Gatlan reports - “GitHub makes 2FA mandatory”: “Blocked from accessing some features”

Your humble blogwatcher curated these bloggy bits for your entertainment.

No need to wait until you’re forced. In this week’s Secure Software Blogwatch, we set it up now. Passkeys support isn’t there yet, but it’s “coming soon.”

WebAuthn keys and TOTP are where you should be looking, plus there’s a dedicated GitHub app. Unfortunately, SMS is still an option, but at least you don’t have to use it. Finally, Microsoft is doing something about it - by forcing users into two-factor authentication (2FA). GitHub is a weak link in the software supply chain.
