| [eclipse.org-committers] Enabling Two-Factor Authentication (2FA) on github.com |
Dear committers,
The Eclipse Foundation Security Team would like to bring an important security update to your attention.
We would like to stress that Two-Factor Authentication (2FA) on your developer accounts is one of the most effective ways to protect your code base from unauthorized changes. Read more about this.
You may have already received, or will soon receive, a communication from GitHub prompting you to activate 2FA for your accounts. This initiative is part of GitHub's strategy to implement 2FA for all users by year-end. We emphasize the critical nature of this step, as it directly affects your access to repositories and the projects you contribute to. Failure to enroll in 2FA before the stipulated deadline will result in restricted access to GitHub.com, thereby impacting your contribution capability to Eclipse Foundation projects. It's worth noting that Eclipse Foundation will be unable to assist with access restoration if 2FA is not activated. The good news is that the process is straightforward.
We strongly encourage all committers to proactively enable 2FA on their GitHub accounts, and not wait for GitHub enforcement.
At the same time, we are actively engaging with projects hosted on dedicated GitHub organizations to ensure universal 2FA implementation for all committers. If you have a project with a dedicated organization at GitHub and you're eager to implement this today, there's no need to wait for our outreach. Feel free to take the initiative and open a help desk ticket right away.
To enable 2FA on GitHub.com, please follow their instructions.
If you have questions regarding 2FA activation, please don't hesitate to reach out to us for support.
Your commitment to maintaining the security of Eclipse Foundation projects is greatly appreciated.
Cheers,
How will this affect my Github accounts?
In the near future, 2FA will become mandatory for authentication on your accounts. Should you not have enrolled by the deadline GitHub communicated to you, access to the platform will be restricted.
I already have 2FA enabled on GitHub, do I need to do anything?
No, you’re all good.
What do I do if I lose my 2FA device?
We highly recommend the utilization of diverse secondary authentication methods. In the event that you misplace all your secondary authentication elements, recovery codes will be the only way to restore account access. By securely storing your recovery codes, you'll ensure the ability to regain access.
Note that GitHub Support won't be able to restore access to accounts with 2FA enabled if both the 2FA credentials and account recovery methods are lost.