learn cybersecurity
Best security practices are the responsibility of all developers, with the recent surges in fraudulent login attempts, it serves as a good reminder that account security is the pillar to good organizational security practices:
As GitHub’s Staff Security Analyst @sanjuanswan noted during a recent security Twitter space
“your organization is only as secure as your least secure member”
It’s our responsibility to promote good security practices, whether you are an individual contributor or team lead. Here are three steps you can take today to set an effective model of security practices.
Enabling 2FA adds an extra layer of security when logging into your GitHub account. With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to. If you lose access to your selected authentication method, you can use the provided recovery codes to access your account. Don’t forget to download and store those recovery codes somewhere secure.
At the organizational level, owners can require that members, billing managers, and outside collaborators use two-factor authentication to secure their personal accounts. Set this standard at the organizational level.
GitHub protects your account by requiring you to click a link sent to your email address when you log in from a new device. If a potential attacker doesn’t also have access to your email account, they can’t ATO (account take over) your GitHub account.
Use a unique, and complex password for your email account; the best way to accomplish this is by using a password manager.
Don’t share email addresses or login information with your team, and keep a recurring audit, or even better, add an off-boarding step so departing team members no longer has access to your repos.
You can use GitHub Mobile for 2FA when logging in to your GitHub account in a web browser. 2FA with GitHub Mobile does not rely on TOTP, and instead uses public-key cryptography to secure your account.
To get started with GitHub mobile for 2FA, if you’re not already using the mobile app, you can install it now and sign in to your account. And if you haven’t set up 2FA, set it up via your account security settings. You’ll need to set up 2FA with SMS or another time-based one-time password (TOTP) app first to start using Mobile 2FA. Once you have configured a TOTP application, or SMS, you can also use GitHub Mobile to authenticate youtube.
Most software vulnerabilities are mistakes, not malicious attacks. Do your part and secure the software you write today, starting with your GitHub account security.
Stay Safe!
You may also enjoy reading, Q4/21: Sees More DDoS Attacks Than Ever Before
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today
Remember, CyberSecurity Starts With You!
This post was last modified on 13 June 2022 1:42 PM
British high street chain WH Smith has recently revealed that it was hit by a…
As banks worldwide roll out Voice ID as a means of user authentication over the…
In the era of digital transformation, cybersecurity has become a major concern for businesses. When…
In today's digital age, cybersecurity threats have become a significant concern for businesses of all…
The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…
One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…
Leave a Comment