The Role of 2-Factor Authentication in Developer SecurityGitHub's John Swanson on How 2FA Improves Software Supply Chain Security
In today's evolving digital landscape, application security is crucial. That's why it is increasingly important to normalize the use of two-factor authentication in the developer community to the point that it is "effectively ubiquitous," said John Swanson, director of security strategy at GitHub.
Historically, developers have had mixed views about using multifactor authentication because of concerns about friction and potential workflow disruptions. While 2FA adoption has grown, some developers still perceive it as a source of delays, Swanson said. GitHub is setting higher standards for software security, making the site a starting point to drive 2FA adoption.
"Among developers, their GitHub account in some cases may be their livelihood. And if they lose access to that account because they've misconfigured 2FA or lost their recovery factors, it can have a serious impact," he said. "We're focused around trying to make those factors more durable and more resilient to loss, so that developers don't have to face that fear. That's the chief challenge."
In this video interview with Information Security Media Group at Black Hat USA 2023, Swanson also discussed:
- How 2FA enhances software supply chain security;
- What factors member of the development community are embracing the most;
- How collaboration and strategic preparation have reduced 2FA-related support tickets.
Swanson has nearly 15 years of experience in security and risk. Previously, he held senior leadership roles in incident response, threat detection and threat intelligence, as well as corporate crisis management, product security strategy, risk assessment, and strategy and program planning.