GitHub enables a two-factor authentication mechanism through the iOS and Android app
GitHub announced that two-factor authentication will be available to all users through GitHub Mobile this week. In a blog post, Berk Veral of GitHub said that GitHub Mobile 2FA will be available to all App Store and Play Store users.
This feature is another way for GitHub users to enable two-factor authentication alongside security and WebAuthn keys, one-time passcodes, and SMS.
“GitHub Mobile offers a solid alternative to existing one-time passcode options offered by third-party apps and via SMS, with a fully integrated experience with the GitHub services you already use,” Veral said.
“GitHub is committed to keeping our platform secure and enabling developers to keep their accounts secure. Part of this is helping more developers adopt two-factor authentication (2FA) for their accounts. over the past year, we’ve led the way to improve developer account security with the introduction of support for security keys as an authentication mechanism for git operations and application l two-factor authentication for all npm publishers.
Veral noted that the GitHub Mobile 2FA app is a “strong” alternative experience that is “fully integrated with the GitHub services you already use.”
For those who have already enabled two-factor authentication on their GitHub accounts and installed the mobile app, you only need to update the app to start using Mobile 2FA functionality.
GitHub also provides links to help those looking to install it and urged anyone who has not yet enabled two-factor authentication to do so through the Account Settings platform. Those who haven’t set it up yet will need to use an SMS or other one-time password to set it up for the first time before they can use Mobile 2FA.
“Once configured, you will receive a push notification on your mobile device when you log in to your GitHub.com account on any browser. You can approve or reject the login attempt. If you approve, you will be logged in to GitHub.com immediately,” Veral explained.
“If you’ve already configured 2FA with a security key, GitHub will use it as your primary two-factor authentication channel. Security keys provide the best available protection for your account credentials. Learn more about how GitHub integrates authentication with security keys.”
GitHub repeatedly pushed its users to enable two-factor authentication last year, and in August announced that it would stop accepting account passwords when authenticating Git operations. The platform has started requiring users to use stronger authentication factors, such as personal access tokens, SSH keys, or OAuth or GitHub App install tokens for all authenticated Git operations on GitHub.com.
“If you haven’t already, please take this moment to enable 2FA for your GitHub account. The benefits of multi-factor authentication are well documented and protect against a wide range of attacks, such as phishing,” explained Mike Hanley of Github last year.