2FA

We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.

How to get the security basics right at your organization.

All GitHub.com users can now register a passkey to sign in without a password.

Passkeys are now available in public beta. Opting in lets you upgrade security keys to passkeys, and use those in place of both your password and your 2FA method.

On March 13, we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Read on to learn about what the process entails and how you can help secure the software supply chain with 2FA.

GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Learn more about our approach, when we’ll begin our rollout, and what you can expect as we begin requiring 2FA.

GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.

Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.

GitHub continues to improve account security and developer experience with a new 2FA mechanism in GitHub Mobile on iOS and Android.

Today we’re introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.

We’re sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.

The benefits of multifactor authentication are widely documented, and there are a number of options for using 2FA on GitHub.