Hey mantid-builder!
We're reaching out to let you know that as announced last year, we will officially begin requiring two-factor authentication (2FA) for certain contributors on GitHub.com. You are receiving this notification because your account meets the criteria for the current enrollment group - but you have 2FA enabled already!
You don't need to do anything in response to this email, but please do not disable 2FA between now and September 21st, 2023 at 00:00 (UTC). If you disable 2FA, your access to GitHub.com at the end of the 45 day enrollment period will be restricted until you re-enable 2FA. This email, and a dismissable banner in the GitHub.com UI, will be the only notifications about this change.
Making the software supply chain more secure is a team effort, and we couldn't do it without you. Your enrollment in 2FA is an impactful step in keeping the world's software secure.
We are enrolling GitHub users who manage or author code on GitHub. You are one of those people! More information about our plan to increase 2FA adoption can be found in this blog post. This is a GitHub.com program, and unrelated to your organization or enterprise membership.
No, you don't need to take any additional actions. After September 21st, 2023 at 00:00 (UTC), you will no longer be able to disable 2FA for your account, but you will still be able to update your 2FA methods and settings.
Critically, if you disable 2FA between now and September 21st, 2023 at 00:00 (UTC), your access to GitHub.com will be restricted after the deadline if you don't re-enable 2FA.
We want you to have the most seamless experience with 2FA possible, so you can choose one or more of the following options:
You should set up at least two of these options, to ensure you always have access to your account. Head to https://github.com/settings/security to enroll more 2FA methods.
Your PATs, SSH keys, and applications will all keep working after the deadline, regardless of your 2FA enrollment. PATs in particular are used extensively in important automation, and interruption there can cause outages in critical systems.
GitHub strongly encourages the use of multiple second factor options. If you lose all of your second factors, recovery codes are the only way to access your account again. By saving your recovery codes, you'll be able to regain access.
Be sure to enable cloud backup for your authenticator app and save your recovery codes. Many phones and computers can be security keys as well - registering them with GitHub.com gives you additional, highly-secure 2FA methods.
For security reasons, GitHub Support may not be able to restore access to accounts with 2FA enabled if you lose your 2FA credentials and lose access to your account recovery methods.
More information about recovery codes can be found on GitHub Help at https://docs.github.com/articles/recovering-your-account-if-you-lose-your-2fa-credentials
Ensuring account security is a shared responsibility GitHub takes seriously. Strong authentication and the use of 2FA have been recognized as best practice for many years. We feel that GitHub has a duty to lead this push toward strong authentication as part of protecting the software supply chain.
To see this and other security events for your account, visit your account security audit log.
If you run into problems, please contact support by visiting the GitHub support page.
Thanks,
The GitHub Team