fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

GitHub Deprecates Account Passwords For Authenticating Git Operations

GitHub Deprecates Account Passwords For Authenticating Git Operations

GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow.

This change was first announced last year, in July, when GitHub said that authenticated Git operations would require using an SSH key or token-based authentication.

GitHub also deprecated password-based authentication for authenticating via the REST API beginning with November 13, 2020.

“Starting on August 13, 2021, at 09:00 PST, we will no longer accept account passwords when authenticating Git operations on GitHub.com,” the company said.

“Instead, token-based authentication (for example, personal access, OAuth, SSH Key, or GitHub App installation token) will be required for all authenticated Git operations.”

If you’re still using a username and password to authenticate Git operations, you should take the following steps to avoid disruption when the new requirements are enacted tomorrow:

  1. For developers, if you are using a password to authenticate Git operations with GitHub.com today, you must begin using a personal access token over HTTPS (recommended) or SSH key by August 13, 2021, to avoid disruption. If you receive a warning that you are using an outdated third-party integration, you should update your client to the latest version.
  2. For integrators, you must authenticate integrations using the web or device authorization flows by August 13, 2021, to avoid disruption. For more information, see Authorizing OAuth Apps and the announcement on the developer blog.

Also Read: 4 Things to Know When Installing CCTVs Legally

If you want to ensure that you’re no longer using password-based authentication, you can enable two-factor authentication, which requires OAuth or personal access tokens for all authenticated operations via Git and third-party integrations.

If you already have two-factor authentication enabled for your GitHub account, you will not be affected by this authentication change in any way since you’re already using token- or SSH-based authentication.

GitHub has improved account security over the years by adding two-factor authenticationsign-in alertsverified devicesblocking the use of compromised passwords, and WebAuthn support.

The enforced token-based authentication for authenticating Git operations increases GitHub accounts’ resilience against takeover attempts by preventing attackers from using stolen credentials or reused passwords to hijack accounts.

Also Read: 5 Most Frequently Asked Questions About Ransomware

In May, GitHub also added support for securing SSH Git operations using FIDO2 security keys for added protection from takeover attempts.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us