GitHub’s authentication system has been expanded, and will now support FIDO universal second factor (U2F) protocol, which asks for a second piece of hardware to authenticate a session.
The most notable attack U2F thwarts is the popular man-in-the-middle hack, where information in intercepted and used to access a system or file.
To take advantage of U2F, GitHub users will need to purchase a hardware key. While U2F doesn’t require one particular vendor, GitHub is partnering with Yubico — inventor of the popular YubiKey and co-creator of U2F — to offer discounts to GitHub users via a special offer page.
The first 5,000 special edition U2F keys will be sold for $5 each (normally $18). After those are sold through, GitHub users will still qualify for a 20 percent discount on YubiKeys for a limited time, which also applies to students who are eligible for GitHub’s Student Developer Pack.
If you work on a team or have sensitive information in your GitHub repos, U2F may be the best way to protect your code.