I can only say this: “It’s about time!” … Software supply chain attacks have become commonplace. Vaughan-Nichols reacts accordingly - “ No More Mr. ![]() your enablement deadline … you will be prompted to enable 2FA … and blocked from accessing some features until 2FA is toggled on.īlocked, you say? Steven J. … Then you’ll have 45 days … during which you can keep using your GitHub account as usual, except for occasional reminders.ĭevelopers can use one or more 2FA options, including physical security keys, virtual security keys built into mobile devices like smartphones and laptops, Time-based One-Time Password (TOTP) authenticator apps, or the GitHub Mobile app (after configuring TOTP or SMS 2FA). your account is selected for enrollment, you will receive an email and see a banner on requesting you to enroll. The gradual rollout will start … with GitHub reaching out to smaller groups of administrators and developers via email and will speed up as the end of the year approaches. … This is the company’s latest move towards securing the software supply chain by moving away from basic password-based authentication. GitHub will start requiring active developers to enable two-factor authentication (2FA) on their accounts. What’s the craic? Sergiu Gatlan reports - “ GitHub makes 2FA mandatory”: Your humble blogwatcher curated these bloggy bits for your entertainment. No need to wait until you’re forced. In this week’s Secure Software Blogwatch, we set it up now. Passkeys support isn’t there yet, but it’s “coming soon.” ![]() WebAuthn keys and TOTP are where you should be looking, plus there’s a dedicated GitHub app. Unfortunately, SMS is still an option, but at least you don’t have to use it. Finally, Microsoft is doing something about it - by forcing users into two-factor authentication (2FA). GitHub is a weak link in the software supply chain.
0 Comments
Leave a Reply. |