/i/2004765172.png?fit=%2C&ssl=1)
By the end of 2023, all GitHub users contributing to the platform must have two-step verification enabled. Software developers’ accounts are regularly targeted by hackers, the platform says.
According to GitHub’s statistics, only 16.5 percent of active users have set up two-step verification. The number of npm users using two-factor authentication is also low, at about 6.4 percent.
“Most incidents do not result from zero days attacks, but from the theft or leaking of passwords or other means by which attackers gain access to their victims’ accounts. Hacked accounts can be used to steal code or make malicious changes to the code. This poses a risk not only to the individuals and organizations associated with these accounts, but also to all users of the affected code,” writes GitHub.
It is not yet clear what the consequences will be for accounts that have not taken additional security measures by the end of 2023. In the coming months, GitHub will provide more information about its plans for the two-step verification requirement.
–
