GitHub has announced a decision to move all users of the GitHub.com service involved in code development to the mandatory use of two-factor authentication (2023FA) by the end of 2. According to GitHub, gaining access to repositories by attackers as a result of account hijacking is one of the most dangerous threats, since in the event of a successful attack, hidden changes can be performed in popular products and libraries used as dependencies.
The new requirement will increase the security of the development process and secure repositories from malicious changes resulting from leaked credentials, using the same password on a compromised site, hacking the developer's local system, or using social engineering methods. According to GitHub statistics, only 16.5% of active users of the service currently use two-factor authentication. By the end of 2023, GitHub intends to disable the ability to submit changes without using two-factor authentication.
Source: opennet.ru