Github has revamped its security systems to issue warnings to users when their passwords have been exposed online through other services.
The code repository has recently partnered with Have I Been Pwned, a search engine operated by security expert Troy Hunt to give the general public a way to quickly discover whether or not their online accounts and passwords have been exposed.
The online service brings together records from public datasets and record dumps which have been released online.
In 2012, LinkedIn suffered a severe data breach in which, four years later, it was discovered that 167 million user records had been stolen. It was this data breach which, arguably, heightened the popularity of Have I Been Pwned and brought to light the issue of re-used passwords, which can be weaponised by attackers to compromise other online accounts and services.
Two-factor authentication (2FA) is another layer of security which can be added to many online accounts to lessen the risk of compromise even if the same password is in use elsewhere.
But with so many online systems protected by nothing more than a password which may be reused or exposed elsewhere, and users choosing not to enable 2FA, notifying account holders of potential compromise is a critical step towards better security.
Github has already enabled 2FA and now, through a relationship with Have I Been Pwned, will notify users when their password has been compromised elsewhere.
“Using this data, GitHub created an internal version of this service so that we can validate whether a user’s password has been found in any publicly available sets of breach data,” the company says.
Now, Github account holders that are using compromised passwords are being made aware of the fact and will be prompted to select new credentials during login and registration.
GitHub recommends that users enable 2FA to enhance their account security. Users should also consider signing up for Have I Been Pwned notifications which will automatically alert you if your email address has been detected in a new data breach.
This article is from the CBROnline archive: some formatting and images may not be present.
Join Our Newsletter
Want more on technology leadership?
Sign up for Tech Monitor's weekly newsletter, Changelog, for the latest insight and analysis delivered straight to your inbox.