GitHub Announces Passkey Authentication Beta
Written by Kay Ewbank   
Friday, 14 July 2023

GitHub has announced a public beta of passkey authentication on GitHub.com. The team says this will offer more flexibility in the ways that developers can authenticate onto the platform.

Passkeys combine ease of use with strong, phishing-resistant authentication, and GitHub says bring us a step closer to being able to avoid the use of passwords. FIDO (Fast IDentity Online) which set up a standard for passkeys, describes them as replacements for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are always strong and phishing-resistant.​

githubdeklogo

The need to find an alternative to passwords comes from the statistic that passwords are the root cause of more than 80% of data breaches. GitHub has been working to find ways to ensure stronger account security, starting last year with 2FA requirements for code contributors on GitHub.com.

Passkeys on GitHub.com require user verification, meaning they count as two factors in one. One factor is you are or know such as your thumbprint, face, or knowledge of a PIN. The second factor is something you have, such as your physical security key or your device. This combination provides strong enough authentication for GitHub to be confident it's really you signing in.

GitHub says that existing security keys on an account can often be upgraded to become part of a passkey. If your security key is capable of verifying your identity (for example, Touch ID, Windows Hello, Android thumbprints, or PIN-locked or biometric hardware keys), then it’s eligible to be upgraded.

Passkeys can be used across devices using cross-device authentication, which lets you use a passkey on your phone or tablet to sign in on your desktop, by verifying your phone’s presence. You can select a previously linked device or scan a QR code with your phone, complete the sign in there, and be all signed in on your desktop. Because your phone or tablet must be physically close to your laptop or desktop, cross-device authentication retains the phishing-resistant promise of FIDO.

Unlike SMS and email , passkeys are unique per website, so they cannot be used to track a user's activities across different sites.

GitHub's passkey beta is available to join now.

githubdeklogo

 

More Information

Passkey Beta On The GitHub ‘Feature Preview’ Tab 

Related Articles

GitHub Code Scanning Now Uses Machine Learning

GitHub Strengthens Team Working

New From GitHub Universe

GitHub Launches Actions

Microsoft Buys GitHub - Get Ready For a Bigger Devil

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Copilot Improves Code Quality
27/11/2024

Findings from GitHub show that code authored with Copilot has increased functionality and improved readability, is of better quality, and receives higher approval rates than code authored without it.

 [ ... ]



GitHub Announces Open Source Security Fund
03/12/2024

A new security-focused program, the GitHub Secure Open Source Fund, will invest $1.25M across 125 open source projects. The project is backed by the support of organizations including American Express [ ... ]


More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info