GitHub announced that two-factor authentication will be available starting this week for all GitHub Mobile users on iOS and Android. In a blog post, Berk Veral of GitHub indicates that GitHub Mobile 2FA, the application dedicated to this functionality, will be available for all users in the App Store and Play Store. The feature in question should allow GitHub users to enable two-factor authentication alongside security and WebAuthn keys, one-time passcodes, and SMS.
“GitHub Mobile offers a solid alternative to existing one-time password options offered by third-party apps and SMS, with a fully integrated experience with the GitHub services you already use,” GitHub management said.
“GitHub is committed to ensuring the security of its platform and enabling developers to secure their accounts. One way to do this is to help more developers adopt two-factor authentication (2FA) on their behalf. Over the past year, we have led the way in improving the security of developer accounts with the introduction of support for security keys as an authentication mechanism for git operations and application two-factor authentication for all npm editors. »
Securing users
The GitHub boss notes that the GitHub Mobile 2FA app is a “solid, fully integrated alternative experience into the GitHub services you already use.” For those who have already enabled two-factor authentication on their GitHub accounts and installed the mobile app, all you need to do is update the app to start using Mobile 2FA functionality.
GitHub also provides links to help those looking to install it and urges anyone who has not yet enabled two-factor authentication to do so through the Account Settings platform. Those who haven’t set it up yet will need to use an SMS or other time-based one-time password to set it up for the first time before they can use Mobile 2FA.
“Once configured, you will receive a push notification on your mobile device when you log in to your GitHub.com account on any browser. You can approve or reject the connection attempt. If you approve it, you will be immediately connected to GitHub.com,” says GitHub management.
A simplified procedure
“If you’ve already configured two-factor authentication with a security key, GitHub will use that as your primary two-factor authentication channel. Security keys provide the best possible protection for your account credentials. Learn more about how GitHub integrates authentication with security keys. »
GitHub repeatedly pushed its users to enable two-factor authentication last year. In August, the platform announced that it would no longer accept account passwords when authenticating Git operations. It started asking people to use stronger authentication factors like personal access tokens, SSH keys, or OAuth or GitHub App install tokens for all authenticated Git operations on GitHub.com .
“If you haven’t already, please take this moment to enable 2FA for your GitHub account. The benefits of multi-factor authentication are well documented and protect against a wide range of attacks, such as phishing,” explained Github’s Mike Hanley last year.
Source: ZDNet.com