GitHub has now announced a secure login feature for its users. As announced, users can now get two-factor authentication (2FA) on GitHub Mobile apps. This new feature is available to both iOS and Android users alike.
GitHub Mobile 2FA Rolls Out
Announcing via a blog post, GitHub elaborated on the new 2FA feature available on its GitHub Mobile apps.
The new feature will work together with the existing authentication measures; WebAuthn, OTPs, SMS, and security keys. The service, however, deems this move a secure alternative to the existing OTPs and SMS-based authentication.
GitHub Mobile provides a strong alternative to existing one-time passcode options offered by third-party applications and via SMS, with an experience that is fully baked into the GitHub services you already use.
GitHub has rolled out this update to its GitHub Mobile apps on Play Store and App Store. Hence, getting this feature doesn’t require any specialized efforts from the users besides updating the mobile apps.
All users who already have 2FA enabled on their accounts shall get access to this feature.
New users can get it right away by enabling 2FA on their accounts and downloading the GitHub Mobile app. Though, they might have to activate the 2FA via SMS-based codes or OTPs.
As described in the post,
You’ll need to set up 2FA with SMS or another time-based one-time password (TOTP) app first to start using Mobile 2FA.
Once set up, you’ll receive a push notification to your mobile device when you sign in to your GitHub.com account on any browser.
Then, the user can approve the login attempt to sign in to the GitHub account via mobile phone.
For users who already have set up security keys for 2FA, the new feature will also use them as the primary 2FA channel.
Git Hub reiterates that using security keys is the safest authentication method.
Given the increasing incidents of credential stuffing and account hacks, securing logins with two-factor authentication is crucial. Moreover, users should also ensure using reliable authentication methods to prevent any breaches.
Last modified: January 28, 2022