Coding platform Github released two-factor authentication today, one of the many tech companies putting that extra step between you and hackers who want access to your account.
Github is a place for developers to build their projects — projects that may one day become valuable intellectual property. The company holds a lot of sensitive information and rightfully wants to protect it starting with one of the weakest points of entry: the user.
Two-factor authentication gives your login username and password combination a bit of backing. When you login using these credentials, instead of immediately being approved, the two-factor authentication will send a special code either by text message or through an app for you to enter as a second form of proof. The idea is that if you can access a passcode on a separate device, you’re more likely to be who you say you are.
You can turn on two-factor for Github in your account settings. The company provided special instructions for those using command-line Git in a blog post today. Example of apps that will deliver these codes to you include Google Authenticator, Duo Mobile, and Authenticator for Windows Phone 7.
Other big-name tech companies such as Apple, Evernote, and LinkedIn have all recently deployed two-factor authentication in response to hacks on their systems. Github seems to be doing it proactively.
For the most part, two-factor authentication can protect you from phishing attacks, where hackers try to trick you into giving over your information. The hope is that even if you hand over your username and password, the hacker still won’t have your phone. Unfortunately, however, cyber criminals are getting smart in their phishing attempts and have even tricked some people into handing over their two-factor codes. In that case, you simply have to hope the authentication tokens expire long before your hacker ever uses them.