V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
hellomynameis
V2EX  ›  GitHub

GitHub 将从 2023 年 9 月 21 日起强制使用双因素验证

  •  
  •   hellomynameis · 2023-08-08 10:07:31 +08:00 · 1587 次点击
    这是一个创建于 507 天前的主题,其中的信息可能已经有所发展或是发生改变。

    邮件大意: 这项要求针对在 GitHub 上管理或编写代码的 GitHub 用户。2023 年 9 月 21 日 00:00 ( UTC )之后,您将无法再为您的账户禁用 2FA ,

    下面直接贴上邮件原文

    Hey ***!

    We're reaching out to let you know that as announced last year, we will officially begin requiring two-factor authentication (2FA) for certain contributors on GitHub.com. You are receiving this notification because your account meets the criteria for the current enrollment group - but you have 2FA enabled already!

    You don't need to do anything in response to this email, but please do not disable 2FA between now and September 21st, 2023 at 00:00 (UTC). If you disable 2FA, your access to GitHub.com at the end of the 45 day enrollment period will be restricted until you re-enable 2FA. This email, and a dismissable banner in the GitHub.com UI, will be the only notifications about this change.

    Making the software supply chain more secure is a team effort, and we couldn't do it without you. Your enrollment in 2FA is an impactful step in keeping the world's software secure.

    What to know about the required 2FA initiative

    We are enrolling GitHub users who manage or author code on GitHub. You are one of those people! More information about our plan to increase 2FA adoption can be found in this blog post. This is a GitHub.com program, and unrelated to your organization or enterprise membership.

    I already have 2FA enabled, do I need to do anything?

    No, you don't need to take any additional actions. After September 21st, 2023 at 00:00 (UTC), you will no longer be able to disable 2FA for your account, but you will still be able to update your 2FA methods and settings.

    Critically, if you disable 2FA between now and September 21st, 2023 at 00:00 (UTC), your access to GitHub.com will be restricted after the deadline if you don't re-enable 2FA.

    What forms of 2FA can I use?

    We want you to have the most seamless experience with 2FA possible, so you can choose one or more of the following options:

    • Security key
    • GitHub Mobile
    • Authenticator application (TOTP)
    • Text messages (SMS)

    You should set up at least two of these options, to ensure you always have access to your account. Head to https://github.com/settings/security to enroll more 2FA methods.

    What happens to my PATs and SSH keys at the deadline?

    Your PATs, SSH keys, and applications will all keep working after the deadline, regardless of your 2FA enrollment. PATs in particular are used extensively in important automation, and interruption there can cause outages in critical systems.

    What do I do if I lose my 2FA device?

    GitHub strongly encourages the use of multiple second factor options. If you lose all of your second factors, recovery codes are the only way to access your account again. By saving your recovery codes, you'll be able to regain access.

    Be sure to enable cloud backup for your authenticator app and save your recovery codes. Many phones and computers can be security keys as well - registering them with GitHub.com gives you additional, highly-secure 2FA methods.

    For security reasons, GitHub Support may not be able to restore access to accounts with 2FA enabled if you lose your 2FA credentials and lose access to your account recovery methods.

    More information about recovery codes can be found on GitHub Help at https://docs.github.com/articles/recovering-your-account-if-you-lose-your-2fa-credentials

    Why is GitHub requiring 2FA?

    Ensuring account security is a shared responsibility GitHub takes seriously. Strong authentication and the use of 2FA have been recognized as best practice for many years. We feel that GitHub has a duty to lead this push toward strong authentication as part of protecting the software supply chain.

    To see this and other security events for your account, visit your account security audit log.

    If you run into problems, please contact support by visiting the GitHub support page.

    Thanks, The GitHub Team

    2 条回复    2023-09-04 01:15:10 +08:00
    AoEiuV020JP
        1
    AoEiuV020JP  
       2023-08-08 10:36:25 +08:00
    上就上呗,之前发邮件让上我就上了,
    现在谷歌 authenticator 也能同步这些验证码了,方便了不少,
    weidaizi
        2
    weidaizi  
       2023-09-04 01:15:10 +08:00
    整了个本地纯命令行的 2FA TOTP 验证码生成器: https://v2ex.com/t/970617
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2808 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 26ms · UTC 13:42 · PVG 21:42 · LAX 05:42 · JFK 08:42
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.