GitHub has warned users that, if they haven’t already upgraded to two-factor authentication (2FA) on their accounts, they would risk losing some functionality very soon.
The warning came in the form of an email seen by Bleeping Computer, which warns contributors to upgrade their account’s security by mid-January 2024.
Of course, this shouldn’t be a surprise to GitHub users given that the mandatory security upgrade was announced in mid-2022, with several reminders over the following 18 months.
GitHub will enforce 2FA
In May 2022, GitHub’s Chief Security Officer and SVP of Engineering, Mike Hanley, said that the platform would “require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.”
The deadline now appears to have been pushed back by nearly three weeks, but this could be a polite grace period provided by the Microsoft-owned platform, given that offices are likely to be shut over Christmas and the New Year.
The email reads: “GitHub users are now required to enable two-factor authentication as an additional security measure. Your activity on GitHub includes you in this requirement. You will need to enable two-factor authentication on your account before January 19, 2024, or be restricted from account actions.”
The mandate has already been in place for some account holders since March this year. Various 2FA methods can be chosen from, including SMS and TOTP authentication apps, as well as physical security keys.
After the deadline, users will be prompted to set up 2FA before they can continue to use their account’s features.
Moreover, users are being advised to set up more than one type to prevent account lock-out, though access can be recovered by dipping into a pot of recovery codes provided upon setup.
More from TechRadar Pro
- Save your codes in the best password management apps
- We’ve rounded up a list of the best identity theft protection
- Microsoft wants to take any MFA and 2FA worries out of your hands