GitHub is committed to keeping our platform secure and enabling developers to secure their accounts. One way we’re doing that is by helping more developers adopt two-factor authentication (2FA) for their accounts. Over the past year, we’ve led the way in improving developer account security with the introduction of support for security keys as an authentication mechanism for git operations and enforcing two factor authentication for all npm publishers.
Today, we are announcing that you can use GitHub Mobile on iOS and Android as an easy-to-use two factor authentication mechanism. This option sits alongside our existing channels: security keys and WebAuthn, one-time passcodes, and SMS. GitHub Mobile provides a strong alternative to existing one-time passcode options offered by third-party applications and via SMS, with an experience that is fully baked into the GitHub services you already use.
GitHub Mobile 2FA will be available to all GitHub users in the App Store and Play Store this week.
Get Started
If you have 2FA configured on your GitHub account and the mobile app installed, update to the latest version of GitHub Mobile in the App Store or Play Store to start using Mobile 2FA immediately.
If you’re not already using the mobile app, you can install it now and sign in to your account. And if you haven’t set up 2FA, set it up via your account security settings. You’ll need to set up 2FA with SMS or another time-based one-time password (TOTP) app first to start using Mobile 2FA.
Once set up, you’ll receive a push notification to your mobile device when you sign in to your GitHub.com account on any browser. You can approve or reject the sign in- attempt. If you approve it, you’ll be logged into GitHub.com immediately.
If you already set up 2FA with a security key, GitHub will use that as the primary two factor authentication channel. Security keys provide the strongest available protection of your account credentials. Read more about how GitHub is integrating authentication with security keys.
GitHub continues to invest in account security to help secure the broader supply chain. We are hard at work on making additional investments in this space for both npm and GitHub, including additional capabilities for GitHub Mobile as an authentication mechanism and increasing adoption for 2FA, so stay tuned!
Read more about securing your account with two factor authentication.
Tags:
Written by
Related posts
Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects.
10 years of the GitHub Security Bug Bounty Program
Let’s take a look at 10 key moments from the first decade of the GitHub Security Bug Bounty program.
Where does your software (really) come from?
GitHub is working with the OSS community to bring new supply chain security capabilities to the platform.