<ciso brief />

All news with #fido2 tag


GitHub Tightens npm Security: Mandatory 2FA, Token Limits

🔒 GitHub is implementing stronger defenses for the npm ecosystem after recent supply-chain attacks that compromised repositories and spread to package registries. The platform will require 2FA for local publishing, shorten token lifetimes to seven days, deprecate classic tokens and TOTP in favor of FIDO/WebAuthn, and promote trusted publishing. Changes will roll out gradually with documentation and migration guides to reduce disruption.

GitHub mandates 2FA, short-lived tokens for npm publishing

🔐 GitHub said it will change npm authentication and publishing practices in the near future to address recent supply-chain attacks, including the Shai-Hulud incident. The company will require 2FA for local publishes, deprecate legacy tokens and TOTP in favor of FIDO, introduce seven-day granular publishing tokens, and enable OIDC-based trusted publishing. The npm CLI will also auto-generate provenance attestations to prove source and build environment.

CrowdStrike Advances Next-Gen Identity Security Innovations

🔐 CrowdStrike announced three enhancements to Falcon Next‑Gen Identity Security: FalconID, expanded privileged access controls, and identity‑driven case management. FalconID delivers FIDO2-based, phishing-resistant passwordless MFA via the Falcon for Mobile app, combining Bluetooth proximity checks with contextual telemetry to block credential phishing, MFA fatigue, and session hijacking. Privileged access updates add just-in-time workflows, Microsoft Teams request/revoke, Fusion SOAR automation, and hybrid coverage including local systems (early access). Identity-driven case management integrates identity detections into Falcon Next‑Gen SIEM and automates analyst response (generally available).