Have you ever been neck-deep building a new feature? You're working at capacity. You need to test something out so you paste an API key into your source file with every intention of removing it later. But you forget. You push to GitHub. It's an easy mistake, and potentially a very expensive one. In this article, Julien Cretel explores the nuances of this kind of data leak, offers suggestions for recovery when leaks happen and gives us options for preventing them in the first place.
Alongside introducing new security features like Two-Factor Authentication (2FA) and integration with haveibeenpwned.com, we also take a quick look into the inner workings of Two-Factor Authentication.