Eclipse Foundation makes 2FA mandatory for all committers
In future, anyone who wants to contribute code to Eclipse will have to log in with two factors: a password and another method.
![Woman holds cell phone in front of laptop](https://heise.cloudimg.io/width/610/q85.png-lossy-85.webp-lossy-85.foil1/_www-heise-de_/imgs/18/4/6/1/0/1/3/5/shutterstock_1917956951-a158c29ff1168bfe.jpeg)
(Image: Tero Vesalainen/Shutterstock.com)
The Eclipse Foundation is making two-factor authentication (2FA) mandatory for all developers who want to contribute code to the project in the repositories on GitHub and GitLab.
As repositories are increasingly becoming the focus of attackers, operators are stepping up their security measures. Eclipse also cites this as a reason for this step: "Two-factor authentication adds another layer of security [...]. This significantly reduces the risk of unauthorized access and strengthens the overall security of Eclipse Foundation projects."
The second factor for GitLab, for example, is either a one-time password (TOTP) or WebAuthN with hardware token (Passkey/Fido2).
(Image: Eclipse)
The changeover only affects a few participants, as over ninety percent of them already use 2FA. The proportion has risen steadily over the past 18 months, "supported by regular reminders and increasing pressure."
The next step is to make 2FA mandatory not only for committing, but also for logging into Eclipse accounts.
(who)