GitHub puts developers first with 2FA initiative and powerful Copilot updates

  • GitHub is implementing 2FA to enhance software security.
  • GitHub prioritizes account security and considers strong authentication and 2FA essential for safeguarding the software supply chain.

GitHub, which now has over 100 million developers, is prioritizing security with a two-factor authentication (2FA) initiative. Starting March 13, GitHub will begin requiring all developers who contribute code on GitHub.com to enable one or more forms of 2FA by the end of 2023.

The software supply chain’s security is crucial, and GitHub understands that developers have a significant role in ensuring its protection. Therefore, the platform-wide 2FA initiative aims to improve account security and protect developers and consumers from social engineering and account takeover attacks. GitHub will gradually roll out this initiative to smaller groups of developers and administrators to allow for adjustments before expanding to larger groups throughout the year.

Securing GitHub has never been easier with 2FA

To ensure that enrolling in 2FA is an easy and reliable process, GitHub has enhanced the experience with a few key features:

  • After setting up 2FA, GitHub.com users will receive a prompt after 28 days to perform 2FA and confirm their second-factor settings. This prompt is designed to prevent account lockout caused by misconfigured authenticator applications (TOTP apps).
  • To ensure continued access to their account, users can now simultaneously enroll multiple 2FA methods, such as an authenticator app (TOTP) and an SMS number.
  • Users can now choose their preferred 2FA method for account login and use of the sudo prompt, so their favorite method is always prompted first during sign-in.
  • To address the issue of locked-out users having difficulty creating a new account with their preferred email address, GitHub now allows users to unlink their email address from a two-factor enabled account in case of 2FA lockout.
  • GitHub is testing passkeys internally as a potential new authentication method that combines ease of use with strong protection against phishing attacks. Watch out for updates on this feature.

GitHub has developed a gradual rollout plan to minimize disruptions and prevent account lockouts while asking groups of users to enable 2FA over time. These groups will be selected based on their actions or code contributions. 

Open source software is widely used, with 90% of companies reporting its use, and GitHub is a critical part of this ecosystem. As a result, GitHub takes account security seriously and sees strong authentication and 2FA as best practices to ensure software supply chain protection. 

However, GitHub cannot improve software supply chain security alone and relies on user support to enroll their accounts in 2FA, thereby contributing to the overall security of open source software.

Building a home for the developer community

Developers today come from diverse backgrounds and work on various projects, including open-source contributions and scientific research. With a global exchange of ideas, developers are democratizing who they are, what they work on, and where they live. GitHub is committed to putting developers first and providing them with the necessary tools to build the next big thing, accelerate human progress, and solve unknown problems.

GitHub has launched updates for Copilot for Individuals and Copilot for Business, making the tool more powerful and responsive for developers by improving its AI capabilities. The updates include simple sign-ups for organizations and an updated Codex model, resulting in significant improvements to code quality and faster response time. GitHub Copilot now generates up to 61% of a developer’s code in Java and 46% in all programming languages. The enhancements include upgrades to the AI Codex model and improved context understanding through the Fill-In-the-Middle (FIM) paradigm. 

A lightweight client-side model was also developed to improve overall code acceptance rates and reduce unwanted suggestions. These technical improvements allow GitHub Copilot to provide developers with more accurate and responsive code suggestions.