GitHub announced that two-factor authentication will be available to all users through GitHub Mobile this week. In a blog post, GitHub's Berk Veral said GitHub Mobile 2FA will be available to all users in the App Store and Play Store.
The feature is another way GitHub users can enable two-factor authentication alongside security keys and WebAuthn, one-time passcodes, and SMS.
"GitHub Mobile provides a strong alternative to existing one-time passcode options offered by third-party applications and via SMS, with an experience that is fully baked into the GitHub services you already use," Veral said.
Veral noted that the GitHub Mobile 2FA app was a "strong" alternative experience that is "fully baked into the GitHub services you already use."
For those who already have two-factor authentication enabled on their GitHub accounts and have the mobile app installed, all you have to do is update the app to start using the Mobile 2FA feature.
GitHub also provides links to help those looking to install it and urged anyone who hasn't already enabled two-factor authentication to do so through the account settings platform. Those who haven't already set it up will need to use SMS or another time-based one-time password to set it up for the first time before they can use Mobile 2FA.
"Once set up, you'll receive a push notification to your mobile device when you sign in to your GitHub.com account on any browser. You can approve or reject the sign-in attempt. If you approve it, you'll be logged into GitHub.com immediately," Veral explained.
GitHub repeatedly pushed its users to enable two-factor authentication last year and, in August, announced that they would stop accepting account passwords when authenticating Git operations. The platform began requiring people to use stronger authentication factors like personal access tokens, SSH keys, or OAuth or GitHub App installation tokens for all authenticated Git operations on GitHub.com.
"If you have not done so already, please take this moment to enable 2FA for your GitHub account. The benefits of multifactor authentication are widely documented and protect against a wide range of attacks, such as phishing," Github's Mike Hanley explained last year.