Summary
Users of GitHub Mobile will be able to use the iOS and android apps as a type of two-factor authentication (2FA) when signing into their GitHub.com account.
Intended Outcome
2FA is an extra layer of security that helps protect not only our user's accounts but also the repositories they have access to. We want to encourage more users to enable 2FA, by making it easier to enable 2FA and approve 2FA requests via adding GitHub Mobile as a 2FA option.
How will it work?
GitHub Mobile users can enable 2FA in the app after updating to a supported version and logging in. Push notifications will be sent to all applicable devices. The push notification will have the options of "approve" and "deny" and will be subject to expiration. Approval will require an additional verification where the user will input the numbers that match a number shown to the user on login on GitHub.com. A payload provided by the server will be signed by the mobile device (using a private key) and the signed payload will be verified on the server before accepting the approval or denial. Users will be able to opt in or out of using the GitHub Mobile option in their user account settings.
Summary
Users of GitHub Mobile will be able to use the iOS and android apps as a type of two-factor authentication (2FA) when signing into their GitHub.com account.
Intended Outcome
2FA is an extra layer of security that helps protect not only our user's accounts but also the repositories they have access to. We want to encourage more users to enable 2FA, by making it easier to enable 2FA and approve 2FA requests via adding GitHub Mobile as a 2FA option.
How will it work?
GitHub Mobile users can enable 2FA in the app after updating to a supported version and logging in. Push notifications will be sent to all applicable devices. The push notification will have the options of "approve" and "deny" and will be subject to expiration. Approval will require an additional verification where the user will input the numbers that match a number shown to the user on login on GitHub.com. A payload provided by the server will be signed by the mobile device (using a private key) and the signed payload will be verified on the server before accepting the approval or denial. Users will be able to opt in or out of using the GitHub Mobile option in their user account settings.