GitHub users recently received an email warning that two-factor authentication (2FA) will soon be mandatory for all accounts. The message stated that users need to enable 2FA by January 19, 2024, or risk losing access to certain account features.
This requirement shouldn’t come as a surprise. GitHub announced plans back in May 2022 to require 2FA for all users who contribute code on the platform. The original deadline was end of 2023, so it seems they’ve provided a short grace period into the new year.
The email reminds users: “GitHub users are now required to enable two-factor authentication as an additional security measure. Your activity on GitHub includes you in this requirement.”
GitHub began enforcing mandatory 2FA for some accounts in March 2022. Now they are expanding the requirement to all users. After the January deadline, contributors will be prompted to setup 2FA before they can access their accounts.
Users have a choice of 2FA methods, including SMS text messages, authentication apps that generate codes, and physical security keys. GitHub recommends enabling multiple methods as a backup to prevent getting locked out. Upon setup, users receive recovery codes to regain access if needed.
The Microsoft-owned platform likely pushed back the original end of 2023 deadline to give users more time over the holidays. But with the new year here, GitHub is serious about beefing up security. Mandatory 2FA provides an extra layer of protection beyond passwords.
As cyberattacks increase, tech companies are wise to require users to enable features like 2FA. The minor inconvenience is worth the improved account security. Kudos to GitHub for giving ample notice and offering users a choice of 2FA methods. Cybersecurity is a shared responsibility.
