GitHub says #GoPasswordless

PureID

Ajit Hatti

August 25, 2021

All the recent high profile breaches we have seen, have one common root cause - Account takeovers with compromised credentials.

Solarwinds incidents is a biggest examples of how simple account takeovers lead to distribution of malicious updates, which then got amplified through the supply chain and affect the entire world.

GitHub being the world's code-repository and home for all updates, have taken a commendable step to curb account takeover attacks by going passwordless. 

Beginning August 13, 2021, GitHub will no longer accept account passwords when authenticating Git operations on GitHub.com.

As informed previously by Ben Balter, Program Manager at GitHub in July 2020, GitHub wants its users to use alternative forms of authentication which involves tokens, keys, device identification etc.

GitHub to #GoPasswordless

GitHub has also assured the customers already using 2FA or MFA with their existing passwords will remain unaffected. 

GitHub also acknowledges that many forms of 2FA that use SMS based OTP are weaker and bypassable, hence recommends stronger MFA solution to protect your GitHub accounts 

As far as Enterprises are concerned, GitHub supports SAML based authentication which is leveraged by PureAUTH to provide passwordless authentication. 

To further secure your code management platform you can integrate CICD automation suites like Jenkin and code scanning tools like Sonarqube with PureAUTH and #GoPasswordless. 

Share this article    

Connect with Us!

Subscribe to receive new blog post from PureID in your mail box