Mike Hanley on GitHub’s blog:
The software supply chain starts with the developer. Developer accounts are frequent targets for social engineering and account takeover, and protecting developers from these types of attacks is the first and most critical step toward securing the supply chain…
Today, as part of a platform-wide effort to secure the software ecosystem through improving account security, we’re announcing that GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
This is a big step in the right direction and their new(ish) 2FA for GitHub Mobile feature helps make the burden not as cumbersome as it might be otherwise.