What Johnny thinks about using two-factor authentication on
GitHub: A survey among open-source developers

D 2024

What Johnny thinks about using two-factor authentication on GitHub: A survey among open-source developers

KRUŽÍKOVÁ, Agáta; Jakub SUCHÁNEK; Milan BROŽ; Martin UKROP; Václav MATYÁŠ et al.

Základní údaje

Originální název

What Johnny thinks about using two-factor authentication on GitHub: A survey among open-source developers

Autoři

KRUŽÍKOVÁ, Agáta; Jakub SUCHÁNEK; Milan BROŽ; Martin UKROP a Václav MATYÁŠ

Vydání

Vídeň, Rakousko, Proceedings of the 21st International Workshop on Trust, Privacy and Security in the Digital Society, od s. 1-11, 11 s. 2024

Nakladatel

Association for Computing Machinery

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10200 1.2 Computer and information sciences

Stát vydavatele

Spojené státy

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Označené pro přenos do RIV

Ano

Kód RIV

RIV/00216224:14330/24:00136602

Organizační jednotka

Fakulta informatiky

ISBN

979-8-4007-1718-5

DOI

https://doi.org/10.1145/3664476.3670885

UT WoS

001283894700134

EID Scopus

2-s2.0-85200416974

Klíčová slova anglicky

enforcement; GitHub; open-source security; two-factor authentication; usable security

Štítky

core_B, firank_B

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 4. 4. 2025 12:00, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

Several security issues in open-source projects demonstrate that developer accounts get misused or stolen if weak authentication is used. Many services have started to enforce second-factor authentication (2FA) for their users. This is also the case for GitHub, the largest open-source development platform. We surveyed 110 open-source developers using GitHub to explore how they perceive the importance of authentication on GitHub. Our participants perceived secure authentication as important as other security mechanisms (e.g., commit signing) to improve open-source security. 2FA usage of the project owner was perceived as one of the most important mechanisms. Around half of the participants (51%) were aware of the planned 2FA enforcement on GitHub. Their perception of this enforcement was rather positive. They agreed to enforce 2FA for new devices and new locations, but they were slightly hesitant to use it after some time. They also rather agreed to enforce various user groups on GitHub to use 2FA. Our participants also perceived GitHub authentication methods positively with respect to their usability and security. Most of our participants (68%) reported that they had enabled 2FA on their GitHub accounts.

Návaznosti

MUNI/A/1586/2023, interní kód MU

Název: Aplikovaný výzkum na FI: Forenzní aspekty kritických infrastruktur, aplikovaná kryptografie, kyberbezpečnostní cvičení, algoritmy plánování v logistice a pro zpracování dat z fyzikálních sensorů

Investor: Masarykova univerzita, Aplikovaný výzkum na FI: Forenzní aspekty kritických infrastruktur, aplikovaná kryptografie, kyberbezpečnostní cvičení, algoritmy plánování v logistice a pro zpracování dat z fyzikálních sensorů

Citovat

KRUŽÍKOVÁ, Agáta; Jakub SUCHÁNEK; Milan BROŽ; Martin UKROP a Václav MATYÁŠ. What Johnny thinks about using two-factor authentication on GitHub: A survey among open-source developers. Online. In Proceedings of the 21st International Workshop on Trust, Privacy and Security in the Digital Society. Vídeň, Rakousko: Association for Computing Machinery, 2024, s. 1-11. ISBN 979-8-4007-1718-5. Dostupné z: https://doi.org/10.1145/3664476.3670885.

@inproceedings{2419977,
   author = {Kružíková, Agáta and Suchánek, Jakub and Brož, Milan and Ukrop, Martin and Matyáš, Václav},
   address = {Vídeň, Rakousko},
   booktitle = {Proceedings of the 21st International Workshop on Trust, Privacy and Security in the Digital Society},
   doi = {https://doi.org/10.1145/3664476.3670885},
   keywords = {enforcement; GitHub; open-source security; two-factor authentication; usable security},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {Vídeň, Rakousko},
   isbn = {979-8-4007-1718-5},
   pages = {1-11},
   publisher = {Association for Computing Machinery},
   title = {What Johnny thinks about using two-factor authentication on GitHub: A survey among open-source developers},
   year = {2024}
}

TY  - CONF
ID  - 2419977
AU  - Kružíková, Agáta - Suchánek, Jakub - Brož, Milan - Ukrop, Martin - Matyáš, Václav
PY  - 2024
TI  - What Johnny thinks about using two-factor authentication on GitHub: A survey among open-source developers
PB  - Association for Computing Machinery
CY  - Vídeň, Rakousko
SN  - 9798400717185
KW  - enforcement
KW  - GitHub
KW  - open-source security
KW  - two-factor authentication
KW  - usable security
N2  - Several security issues in open-source projects demonstrate that developer accounts get misused or stolen if weak authentication is used. Many services have started to enforce second-factor authentication (2FA) for their users. This is also the case for GitHub, the largest open-source development platform. We surveyed 110 open-source developers using GitHub to explore how they perceive the importance of authentication on GitHub. Our participants perceived secure authentication as important as other security mechanisms (e.g., commit signing) to improve open-source security. 2FA usage of the project owner was perceived as one of the most important mechanisms. Around half of the participants (51%) were aware of the planned 2FA enforcement on GitHub. Their perception of this enforcement was rather positive. They agreed to enforce 2FA for new devices and new locations, but they were slightly hesitant to use it after some time. They also rather agreed to enforce various user groups on GitHub to use 2FA. Our participants also perceived GitHub authentication methods positively with respect to their usability and security. Most of our participants (68%) reported that they had enabled 2FA on their GitHub accounts.
ER  -

KRUŽÍKOVÁ, Agáta; Jakub SUCHÁNEK; Milan BROŽ; Martin UKROP a Václav MATYÁŠ. What Johnny thinks about using two-factor authentication on GitHub: A survey among open-source developers. Online. In \textit{Proceedings of the 21st International Workshop on Trust, Privacy and Security in the Digital Society}. Vídeň, Rakousko: Association for Computing Machinery, 2024, s.~1-11. ISBN~979-8-4007-1718-5. Dostupné z: https://doi.org/10.1145/3664476.3670885.

Přehled o publikaci