PC Magazine

GitHub Ditches Password-Based Authentication for Many Workflows

GitHub has taken another step toward ditching passwords by requiring token-based authentication for its command line interface, third-party desktop apps, and other external services that directly ...
Bleeping Computer

GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. The attacks led to the compromise of thousands of accounts and ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...