GitHub announced that two-factor authentication will be available to all users through GitHub Mobile this week. In a blog post, GitHub’s Berk Veral said GitHub Mobile 2FA will be available to all users in the App Store and Play Store.
The feature is another way GitHub users can enable two-factor authentication alongside security keys and WebAuthn, one-time passcodes, and SMS.
“GitHub Mobile provides a strong alternative to existing one-time passcode options offered by third-party applications and via SMS, with an experience that is fully baked into the GitHub services you already use,” Veral said.
“GitHub is committed to keeping our platform secure and enabling developers to secure their accounts. One way we’re doing that is by helping more developers adopt two-factor authentication (2FA) for their accounts. Over the past year, we’ve led the way in improving developer account security with the introduction of support for security keys as an authentication mechanism for git operations and enforcing two factor authentication for all npm publishers.”
Veral noted that the GitHub Mobile 2FA app was a “strong” alternative experience that is “fully baked into the GitHub services you already use.”
For those who already have two-factor authentication enabled on their GitHub accounts and have the mobile app installed, all you have to do is update the app to start using the Mobile 2FA feature.
GitHub also provides links to help those looking to install it and urged anyone who hasn’t already enabled two-factor authentication to do so through the account settings platform. Those who haven’t already set it up will need to use SMS or another time-based one-time password to set it up for the first time before they can use Mobile 2FA.
“Once set up, you’ll receive a push notification to your mobile device when you sign in to your GitHub.com account on any browser. You can approve or reject the sign-in attempt. If you approve it, you’ll be logged into GitHub.com immediately,” Veral explained.
“If you already set up 2FA with a security key, GitHub will use that as the primary two factor authentication channel. Security keys provide the strongest available protection of your account credentials. Read more about how GitHub is integrating authentication with security keys.”
GitHub repeatedly pushed its users to enable two-factor authentication last year and, in August, announced that it would stop accepting account passwords when authenticating Git operations. The platform began requiring people to use stronger authentication factors like personal access tokens, SSH keys, or OAuth or GitHub App installation tokens for all authenticated Git operations on GitHub.com.
“If you have not done so already, please take this moment to enable 2FA for your GitHub account. The benefits of multifactor authentication are widely documented and protect against a wide range of attacks, such as phishing,” GitHub’s Mike Hanley explained last year.