New improvements and best practices for account security and recoverability
Finding compromised passwords and two-factor recovery checkups
Open sourcing our Delegated Account Recovery implementation
In February, we shipped the "Recover Accounts Elsewhere" feature to help people regain access to their accounts if they lose access to their two-factor device or token. It is an…
Bug Bounty third anniversary wrap-up
In honor of our Bug Bounty Program's third birthday, we kicked off a promotional bounty period in January and February. In addition to bonus payouts, the scope of the bug…
New and improved two-factor lockout recovery process
The Recover Accounts Elsewhere feature lets you associate your GitHub account with your Facebook account. This will help us recover your account for certain two-factor authentication lockout scenarios. For example,…
Bug Bounty anniversary promotion: bigger bounties in January and February
The GitHub Bug Bounty Program is turning three years old. To celebrate, we're offering bigger bounties for the most severe bugs found in January and February. The bigger the bug,…
Keeping GitHub OAuth Tokens Safe
While making your source code available in a public GitHub repository is awesome, it's important to be sure you don't accidentally commit your passwords, secrets, or anything else that other…