Risky Bulletin Newsletter
August 17, 2022
Risky Biz News: Programmers will need to learn to love MFA, even if they like it or not
Presented by

News Editor
Even if not a package repository in itself, GitHub is often used by the maintainers of various other libraries to host their code. GitHub knows this and the central role it plays in securing many open-source libraries and package repositories, many of which pull package releases straight off its platform.
Earlier this year, GitHub announced that all users who contribute code on any GitHub.com project will be required to enable one or more forms of MFA by the end of 2023.
Some developers might not be in the mood to solve MFA challenges when logging into their package accounts or when pushing some tiny code update via an API or CLI tool, but the writing is slowly starting to appear on the wall, and the writing says that MFA will soon become a de-facto login security standard for most package repositories and DevOps platforms.