Security experts have been banging on the multifactor authentication drum for years, encouraging users to stop relying solely on the username and password combination to secure their most sensitive accounts. Now GitHub is done with the encouragement: by the end of 2023, all users contributing code to GitHub-hosted repositories will need to have one or more forms of two-factor authentication enabled, the company says.

Zero-day attacks and sophisticated exploits are scary, but social engineering and credential theft are bigger headaches for enterprise defenders. User credentials give attackers full access to the application and its data, or in the case of a code repository like GitHub, visibility into the source code, as well as the ability to maliciously modify the code.

“This puts not only the people and organizations associated with the compromised accounts at risk, but also all users of the affected code,” said Mike Hanley, CSO of GitHub. The downstream effects of an attacker…


