By the end of 2023, all GitHub users who contribute to the platform should have two-step verification enabled. The platform says developer accounts are regularly targeted by hackers.
According to GitHub stats, only 16.5 percent of active users have set up two-step verification. The number of npm users using two-factor authentication is also low, at around 6.4 percent.
“Most incidents are caused not by Days attacks, but by theft or leakage of passwords or other means by which attackers can gain access to the accounts of their victims. Hacked accounts can be used to steal code or make malicious changes to the code. This poses a risk not only to the individuals and organizations associated with these accounts, but also to all affected code users,” writes github.
It is not yet clear what the consequences will be for accounts not taking additional security measures by the end of 2023. In the coming months, GitHub will provide more information about its plans for two-step verification requirements.
“Lifelong zombie fanatic. Hardcore web practitioner. Thinker. Music expert. Unapologetic pop culture scholar.”