GitHub Introduces 2FA Mechanism to Userbase

Software developer GitHub Inc. revealed in a blog post on Tuesday the deployment of two-factor authentication (2FA) for all its users through its GitHub Mobile app throughout the week.

Berk Veral, the company’s director and product marketing, said in the blog post that 2FA would be available on both the App Store and Android’s Play Store. This presents another means for GitHub to secure its user-base’s account, in addition to security keys and WebAuthn, one-time passcodes, and SMS.

“Today, we are announcing that you can use GitHub Mobile on iOS and Android as an easy-way-to-use two-factor authentication mechanism. This option sits alongside our existing channels: security keys and WebAuthn, one-time passcodes, and SMS,” Veral said in the post.

“GitHub Mobile provides a strong alternative to existing one-time passcode options offered by third-party applications and via SMS, with an experience that is fully baked into the GitHub services you already use,” he added.

How to set your 2FA

Any user with 2FA configured into its GitHub browser account and mobile application must first update to the latest version through the App Store or Play Store, for immediate use of the 2FA.

Those who are not using the software developer’s mobile application can install it and instantly sign into their account. Then, to set up the 2FA, they access it through their account’s security settings. It can be either set up via “SMS or another time-based one-time password (TOTP) before using Mobile 2FA.

Once everything is set, users will receive a push notification to their phones after signing in to their account. While users have the utmost freedom to accept or refuse the sign-in attempt, if approved, they will be logged into their GitHub account right away.

Security keys deliver finer and stronger protection to the accounts, and for that reason, the company will start using 2FA with a security key as the leading two-factor authentication channel.

“GitHub continues to invest in account security to help secure the broader supply chain. We are hard at work on making additional investments in this space for both npm and GitHub, including additional capabilities for GitHub Mobile as an authentication mechanism and increasing adoption for 2FA,” the post stated.