GitHub Organisation Security

bearbin · (This post was last modified: 05-09-2015, 06:34 AM by bearbin.)

I noticed on the GitHub organisation page that I was the only member of the "Owners" team with two-factor authentication enabled.

I think that to improve security of the organisation and hopefully prevent any sort of hacking/defacement we should make all owners enable 2FA.

If not enforcing this, could you please at least consider enabling 2FA on your own account?

bearbin · 05-09-2015, 10:09 PM

Any response?

NiLSPACE · (This post was last modified: 05-09-2015, 10:16 PM by NiLSPACE.)

What is it? As far as I understand 2FA is basicly that you need two passwords to log in. Is that correct?

bearbin · 05-09-2015, 10:48 PM

It means that you have to have a secondary authentication code to log in, yes.

Basically that means that either they can text you or you can install an app on your phone that generates codes on demand.

It means that an attacker would not just have to know your password, but also to have control of your phone (or tablet, etc) to get the code.

NiLSPACE · 05-09-2015, 10:52 PM

Okay, but what if my phone breaks? Can't I log back in then?

LogicParrot · 05-09-2015, 10:53 PM

I was about to ask.

bearbin · 05-09-2015, 11:07 PM

Yes, you can log back in because you can generate backup codes and keep them safe, and if your phone breaks you can use one of them.