
Software security starts with the developer: Securing developer accounts with 2FA

Blog post from GitHub

Author: Mike Hanley
Word Count: 1,058
Language: English

Summary

GitHub is enhancing its security measures by requiring all users who contribute code on GitHub.com to enable two-factor authentication (2FA) by the end of 2023, as part of a broader initiative to secure the software supply chain against frequent threats like social engineering and account takeovers. Recognizing that most security breaches stem from low-cost attacks rather than sophisticated exploits, GitHub aims to fortify account security without compromising user experience, and it plans to explore passwordless authentication options in the future. This move follows GitHub's previous efforts to secure npm accounts, where it mandated 2FA for maintainers of high-impact packages, and reflects its commitment to safeguarding developers' accounts and maintaining the integrity of the broader software ecosystem. Despite the proven effectiveness of 2FA, adoption rates remain low, with only 16.5% of active GitHub users and 6.44% of npm users utilizing it, prompting GitHub to leverage its position to elevate security standards across the development community.