Important: Upcoming Security Key Requirement for Dawn committers

dan sinclair

Jul 29, 2025, 9:31:50 PM
to Dawn Graphics
FYI the following message regarding the upcoming need for Security Keys is being sent to impacted committers.



Dear Dawn Contributor,


We are writing to you to let you know that over the next few months we plan to roll out a security enhancement to further protect the integrity of Dawn's codebase.


In late Q3 2025, all committers who write or review code in Git repositories hosted at chromium.googlesource.com, dawn.googlesource.com or webrtc.googlesource.com will be required to use a security key for two-factor authentication on their associated Google account. A security key tap will be required once every 20 hours to interact with Git and Gerrit.


Why Security Keys? Security keys provide a robust layer of protection against unauthorized access, significantly reducing the risk of compromised accounts and supply chain attacks. This policy is designed to ensure that all code is reviewed by two trusted contributors.


What You Need To Do:

  • If you already have a security key on your Google account and 2-Step Verification is enabled, then no further action is required.

  • We strongly encourage you to set up a security key on your Google account ({{Email-Address}}) as soon as possible. This proactive step will familiarize you with the process and enhance the security of your contributions in advance of the full requirement.


How to Set Up a Security Key:

  • Purchase a Security Key: You can obtain any FIDO security key from the Google Store or other retailers. Ensure that the security key is compatible with your devices.

  • Add Security Key to Your Account:

    • Visit https://myaccount.google.com/ and log in with your Google account ({{Email-Address}}).

    • Follow the instructions here to enable 2-Step Verification (2SV).

    • Follow the instructions here to add your security key to your account.

Important Note: Once the requirement is fully enforced, other forms of 2SV will not be supported for your contributions. This means SMS, authenticator app and/or Passkey 2SV will not suffice. 


We appreciate your cooperation in making Dawn development and related projects even more secure. We’ll reach out to you closer to the time of the Security Key rollout to let you know when it will affect you.


If you have questions or concerns, please reply to this message.


Sincerely,

The Chromium Infra Security team
