Friday, November 15, 2024

3 Steps To Better Account Security

Best security practices are the responsibility of all developers, with the recent surges in fraudulent login attempts, it serves as a good reminder that account security is the pillar to good organizational security practices:

As GitHub’s Staff Security Analyst @sanjuanswan noted during a recent security Twitter space

“your organization is only as secure as your least secure member”

It’s our responsibility to promote good security practices, whether you are an individual contributor or team lead. Here are three steps you can take today to set an effective model of security practices.

1. 🛠 Enable MFA:

Enabling 2FA adds an extra layer of security when logging into your GitHub account. With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to. If you lose access to your selected authentication method, you can use the provided recovery codes to access your account. Don’t forget to download and store those recovery codes somewhere secure.

At the organizational level, owners can require that members, billing managers, and outside collaborators use two-factor authentication to secure their personal accounts. Set this standard at the organizational level.

2. 🔐 Keep your email accounts up to date and safe

GitHub protects your account by requiring you to click a link sent to your email address when you log in from a new device. If a potential attacker doesn’t also have access to your email account, they can’t ATO (account take over) your GitHub account.

Use a unique, and complex password for your email account; the best way to accomplish this is by using a password manager.

Recommended:  Moodle SQL injection vulnerability: in e-learning platform could enable database takeover

Don’t share email addresses or login information with your team, and keep a recurring audit, or even better, add an off-boarding step so departing team members no longer has access to your repos.

3. 📱 Download the GitHub Mobile Application

You can use GitHub Mobile for 2FA when logging in to your GitHub account in a web browser. 2FA with GitHub Mobile does not rely on TOTP, and instead uses public-key cryptography to secure your account.

To get started with GitHub mobile for 2FA, if you’re not already using the mobile app, you can install it now and sign in to your account. And if you haven’t set up 2FA, set it up via your account security settings. You’ll need to set up 2FA with SMS or another time-based one-time password (TOTP) app first to start using Mobile 2FA. Once you have configured a TOTP application, or SMS, you can also use GitHub Mobile to authenticate youtube.

Conclusion:

Most software vulnerabilities are mistakes, not malicious attacks. Do your part and secure the software you write today, starting with your GitHub account security.

Stay Safe!

You may also enjoy reading, Q4/21: Sees More DDoS Attacks Than Ever Before

Got to Cybersecurity News

Cybersecurity Knowledge Base

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose
Recommended:  New Android malware dubbed Xenomorph targets customers of 56 banks
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security