You can see which members of your organization should enable two-factor authentication. If a malicious user gains access to your organization, they'll be able to access your repositories and settings.
In the top right corner of any page, click your profile photo, then click Your profile.
On the left side of your profile page, under "Organizations", click the icon for your organization.
On the right side of the organization profile page, click People.
Members of your organization without two-factor authentication are listed with an orange triangle.
- If a member does not have 2FA enabled, they can turn it on from their personal account's security settings page. For more information, see "Securing your account with two-factor authentication."
You can also access the list of organization members who don't use 2FA through the GitHub API. Here's an example script demonstrating how to do this.
