Require 2FA to mitigate crypto miner attacks

Lately I have been reading that many repositories have been getting bogus pull requests to run crypto miners using GitHub Actions.

My idea to tackle this problem (and other spam) is that GitHub could add a repository option to require 2FA for users to interact with the repository.

While there’s no permanent setting to limit contributions to only collaborators, the temporary interaction limits could be helpful in preventing this from happening in the future.

So you can enable them for up to 6 months but would have to enable them again after that time period.

We have received feedback from other GitHub users that having a permanent interaction limit would be useful and we can definitely advocate for this feature to the Actions product team.

Our roadmap is now publicly visible, so we recommend that you keep an eye on the GitHub Blog and roadmap for the latest announcements about new features.
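
Added example, not part of the thread and not GitHub's own code: because the interaction limit described in the reply lapses after at most six months, a scheduled job can re-apply it shortly before it expires using the REST endpoint `/repos/{owner}/{repo}/interaction-limits`. The 14-day renewal window, the function names and the token handling are assumptions; the token is assumed to have admin rights on the repository.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

API = "https://api.github.com/repos/{owner}/{repo}/interaction-limits"


def plan_renewal(current, now, renew_within=timedelta(days=14)):
    """Return the PUT body to send, or None if the limit needs no renewal yet.

    `current` is the parsed JSON from GET .../interaction-limits: an empty
    dict when no limit is set, otherwise it carries `limit` and `expires_at`.
    `renew_within` is an assumed safety margin, not a GitHub setting.
    """
    body = {"limit": "collaborators_only", "expiry": "six_months"}
    if not current or current.get("limit") != body["limit"]:
        return body  # nothing set, or a different limit than the one we want
    expires = datetime.fromisoformat(current["expires_at"].replace("Z", "+00:00"))
    return body if expires - now <= renew_within else None


def renew(owner, repo, token):
    """Fetch the current limit and re-apply it if it is missing or near expiry."""
    url = API.format(owner=owner, repo=repo)
    headers = {"Authorization": f"Bearer {token}",
               "Accept": "application/vnd.github+json"}
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as r:
        raw = r.read()
    current = json.loads(raw) if raw.strip() else {}
    body = plan_renewal(current, datetime.now(timezone.utc))
    if body is not None:
        req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                     headers=headers, method="PUT")
        urllib.request.urlopen(req).close()
    return body  # None means the existing limit was left untouched
```

Calling `renew(owner, repo, token)` from a weekly scheduled job keeps the limit in place without anyone having to remember the expiry date.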