At Magento, security is a primary concern for us. As part of our commitment to enhancing security we will be requiring all Magento members who contribute code to Magento on GitHub to have Two-Factor Authentication (2FA) enabled on their accounts.
Two-factor authentication adds an additional layer of security beyond just a username/password when you access GitHub. With 2FA, after you log into a service by providing your username and password, there is an additional step of providing a 2FA authentication code. This code can be provided by a mobile device or a two-factor application. This second form of authentication helps us ensure that a malicious user will not be able to gain access to your GitHub account with just your password. This keeps your access to GitHub secure and helps ensure that access to any private Magento GitHub repositories is also protected.
Two-factor authentication is being adopted as an industry-wide security best-practice and we at Magento are also moving in this direction.
GitHub provides good documentation on how to enable 2FA on this page: https://help.github.com/articles/configuring-two-factor-authentication-via-a-totp-mobile-app/
Please note GitHub accounts that do not have 2FA enabled will be removed from the Magento GitHub organization.
Thank you for supporting this enhanced security practice.