ZDNet reports that GitHub will require code developers to enable two or more forms of two-factor authentication by the end of next year, as the Microsoft-owned code repository seeks to strengthen its security measures.
The recent proliferation of malicious packages in GitHub's npm registry prompted the new security requirement. However, organizations have been given a 2023 deadline so that they can "optimize" the domain before the rules are implemented.
"Developers everywhere can expect more options for secure authentication and account recovery, along with improvements that help prevent and recover from account compromise," said GitHub Chief Security Officer Mike Hanley.
The development comes after GitHub introduced new scanning functionality last month that prevents accidental secret exposure. "While we are investing deeply across our platform and the broader industry to improve the overall security of the software supply chain, the value of that investment is fundamentally limited if we do not address the ongoing risk of account compromise. Our response to this challenge continues today with our commitment to drive improved supply chain security through safe practices for individual developers," Hanley added.