Junior Front-End Developer
GitHub, Inc. is a provider of Internet hosting for software development and version control using Git. It offers the distributed version control and source code management (SCM) functionality of Git, plus its own features. It provides access control and several collaboration features such as bug tracking, feature requests, task management, continuous integration, and wikis for every project. Headquartered in California, it has been a subsidiary of Microsoft since 2018.
Over and above the username and password used to gain access to the user's account, GitHub provides one more layer of security to its users in the form of a second level of authentication, called GitHub 2FA (two-factor authentication). It is the general login procedure followed in most modern websites and apps to strengthen access security levels.
The second password, generated by GitHub, is sent as an SMS message to the user's registered mobile device, and the user has to enter it correctly on the login screen to get into the application. The second password can also be generated by an app installed on the user's mobile device.
The following preparatory steps will have to be carried out to implement GitHub 2FA.
GitHub is keen on protecting the interests of developers while allowing them to access their most recent work, and on ensuring that their accounts are not compromised or exposed to attacks. Some of its initiatives include WebAuthn support, device verification, preventing the use of compromised passwords, and secure shell (SSH) Git operations.
GitHub has tightened security levels for Git operations: with effect from Aug 2021, there will be no normal password authentication for Git users, and they need access tokens, SSH (secure shell) keys, App tokens, or OAuth for any code-related transactions in Git.
GitHub recommends 2FA for all its users in order to protect them from phishing attacks. There are several options for using GitHub 2FA such as:
Though the SMS option looks easy and simple to implement, GitHub recommends against using it, since it is not as safe and secure as the other options on the table and NIST 800-63B does not endorse the usage of SMS. The best method, as recommended by GitHub, is virtual keys using the WebAuthn standard. GitHub has also invested a lot in R&D on this personal device-based biometric technology, which involves touch-based or face scanning.
After getting the security key and securing the account, users can add further functionality to it. Users can add digital signatures to their commits with the help of a GPG key, which is available as a feature of the security key. Detailed documentation and videos are available from GitHub for setting up YubiKey-based commit verification and SSH-based authentication.
As explained above, there are three ways of adopting 2FA in GitHub. The first is the security key using the private device, the second is the password through an app installed on the device, and the third is SMS.
GitHub recommends installing a time-based one-time password (TOTP) generation application on the mobile device. This is preferred over SMS due to its lower dependence on telephone networks. TOTP apps also support backing up authentication codes in the cloud, so they can be retrieved quickly in case of any issues.
User settings of managed users will have to be configured by the respective identity providers and not by any other persons.
Once installed, a TOTP application automatically generates a one-time password with a time limit, after which it expires. There are several apps in the market and some of them are:
During setup, the QR code should be scanned using the device on which the user wants to install the TOTP app. If the device is already loaded with some other 2FA, the security settings must be changed to install a new app.
A similar configuration setting is available for SMS and Security key.
In this article, we have seen the elements of GitHub 2FA and how to set them up and use them. 2FA protects users from security attacks, avoids downtime, and improves their productivity.