GitHub is set to require two-factor authentication (2FA) for all developers who contribute code to any project on the platform, a move designed to bolster the software supply chain.
The Microsoft-owned code-hosting platform announced last May that it intended to make 2FA mandatory by the end of 2023, though it had started the process earlier that year for the top 100 packages followed in November by other “high-impact” packages. These were defined as packages with more than 1 million weekly downloads, or more than 500 dependents (projects that use the package in question).
Now, GitHub has confirmed that a platform-wide enforcement will begin on March 13, 2023 (four days from now), a process that will roll out incrementally to different groups of developers and project administrators throughout the rest of the year.
Supply chain
With some 100 million developer users, GitHub is a pivotal part of the global software supply chain. And while concerns around software supply chain security have abounded for a while, a spate of high-profile attacks in recent years have thrust the issue to the top of political agendas globally. This in …
