Skip to content

Explicitly mention SMS as insecure method #38840

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 10, 2025
Merged

Explicitly mention SMS as insecure method #38840

merged 2 commits into from
Jun 10, 2025

Conversation

RCheesley
Copy link
Contributor

Why:

When completing some security checks, we were having multiple team members flagged up as 'insecure' despite the fact that they had many different secure methods enabled in their settings. I was not able to find anywhere what might be causing the insecure flag to be applied, because it isn't explicitly called out in the docs anywhere. It's mentioned in passing here:

https://github.blog/changelog/2024-11-21-enhanced-2fa-management-for-orgs-and-enterprises-public-preview/

Currently, GitHub defines SMS/text message as an insecure method of 2FA, and TOTP authentication applications, the GitHub Mobile app, security keys, and passkeys as secure methods.

This PR adds a specific reference to SMS being an insecure method.

What's being changed (if available, include any code snippets, screenshots, or gifs):

It just adds an explicit mention that SMS is considered an insecure method.

Check off the following:

  • A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
  • The changes in this PR meet the docs fundamentals that are required for all content.
  • All CI checks are passing and the changes look good in the review environment.

@welcome Welcome
Copy link

welcome bot commented Jun 10, 2025

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Jun 10, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 10, 2025
edited
Loading

How to review these changes 👓

Thank you for your contribution. To review these changes, choose one of the following options:

A Hubber will need to deploy your changes internally to review.

Table of review links

Note: Please update the URL for your staging server or codespace.

The table shows the files in the content directory that were changed in this pull request. This helps you review your changes on a staging server. Changes to the data directory are not included in this table.

Source Review Production What Changed
organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization.md fpt
ghec
ghes@ 3.17 3.16 3.15 3.14 3.13
fpt
ghec
ghes@ 3.17 3.16 3.15 3.14 3.13

Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server

🤖 This comment is automatically generated.

@Sharra-writes
Copy link
Contributor

Thanks for opening a PR! This is definitely a good change. I just need to check our style guide to make sure the information is being added in the correct format, and then I'll either update the format or proceed with getting the PR merged.

@Sharra-writes Sharra-writes added this pull request to the merge queue Jun 10, 2025
Merged via the queue into github:main with commit be56f46 Jun 10, 2025
42 checks passed
@github-actions GitHub Actions
Copy link
Contributor

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Sharra-writes Sharra-writes Sharra-writes approved these changes

Assignees
No one assigned
Labels
triage Do not begin working on this issue until triaged by the team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@RCheesley @Sharra-writes