The Role of 2-Factor Authentication in Developer Security

GitHub's John Swanson on How 2FA Improves Software Supply Chain Security
John Swanson, director of security strategy, GitHub

In today's evolving digital landscape, application security is crucial. That's why it is increasingly important to normalize the use of two-factor authentication in the developer community to the point that it is "effectively ubiquitous," said John Swanson, director of security strategy at GitHub.

Historically, developers have had mixed views about using multifactor authentication because of concerns about friction and potential workflow disruptions. While 2FA adoption has grown, some developers still perceive it as a source of delays, Swanson said. GitHub is setting higher standards for software security, making the site a starting point to drive 2FA adoption.

"Among developers, their GitHub account in some cases may be their livelihood. And if they lose access to that account because they've misconfigured 2FA or lost their recovery factors, it can have a serious impact," he said. "We're focused around trying to make those factors more durable and more resilient to loss, so that developers don't have to face that fear. That's the chief challenge."

In this video interview with Information Security Media Group at Black Hat USA 2023, Swanson also discussed:

  • How 2FA enhances software supply chain security;
  • Which factors members of the development community are embracing the most;
  • How collaboration and strategic preparation have reduced 2FA-related support tickets.

Swanson has nearly 15 years of experience in security and risk. Previously, he held senior leadership roles in incident response, threat detection and threat intelligence, as well as corporate crisis management, product security strategy, risk assessment, and strategy and program planning.

About the Author

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.
