GitHub has warned users that, if they haven't already upgraded to two-factor authentication (2FA) for their accounts, they risk losing functionality very soon.
The warning came in the form of an email seen through Beeping computerwarning contributors to upgrade their account security by mid-January 2024.
Of course, this shouldn't come as a surprise to GitHub users, as the mandatory security upgrade was announced in mid-2022, with several reminders over the following 18 months.
GitHub will enforce 2FA
In May 2022, GitHub Chief Security Officer and SVP Engineering Mike Hanley said the platform would “require all users who contribute code to GitHub.com to enable one or more forms of two-factor authentication (2FA) by end of term. 2023.”
The deadline now appears to have been pushed back by almost three weeks, but this could be a polite grace period provided by Microsoft's platform as offices are likely to be closed over Christmas and New Year.
The email reads: “GitHub users are now required to enable two-factor authentication as an additional security measure. Your activity on GitHub includes you in this requirement. You must enable two-factor authentication on your account by January 19, 2024 or you will no longer be able to perform account actions.”
The mandate has been in effect for a number of account holders since March this year. There are several 2FA methods to choose from, including SMS and TOTP authentication apps, as well as physical security keys.
After the deadline, users will be asked to set up 2FA before they can continue using their account features.
Additionally, users are advised to set up more than one type to avoid account lockout, although access can be restored by dipping into a jar of recovery codes provided upon installation.