GitHub Announces Passkey Authentication Beta
Written by Kay Ewbank   
Friday, 14 July 2023

GitHub has announced a public beta of passkey authentication on GitHub.com. The team says this will offer more flexibility in the ways that developers can authenticate onto the platform.

Passkeys combine ease of use with strong, phishing-resistant authentication, and GitHub says bring us a step closer to being able to avoid the use of passwords. FIDO (Fast IDentity Online) which set up a standard for passkeys, describes them as replacements for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are always strong and phishing-resistant.​

githubdeklogo

The need to find an alternative to passwords comes from the statistic that passwords are the root cause of more than 80% of data breaches. GitHub has been working to find ways to ensure stronger account security, starting last year with 2FA requirements for code contributors on GitHub.com.

Passkeys on GitHub.com require user verification, meaning they count as two factors in one. One factor is you are or know such as your thumbprint, face, or knowledge of a PIN. The second factor is something you have, such as your physical security key or your device. This combination provides strong enough authentication for GitHub to be confident it's really you signing in.

GitHub says that existing security keys on an account can often be upgraded to become part of a passkey. If your security key is capable of verifying your identity (for example, Touch ID, Windows Hello, Android thumbprints, or PIN-locked or biometric hardware keys), then it’s eligible to be upgraded.

Passkeys can be used across devices using cross-device authentication, which lets you use a passkey on your phone or tablet to sign in on your desktop, by verifying your phone’s presence. You can select a previously linked device or scan a QR code with your phone, complete the sign in there, and be all signed in on your desktop. Because your phone or tablet must be physically close to your laptop or desktop, cross-device authentication retains the phishing-resistant promise of FIDO.

Unlike SMS and email , passkeys are unique per website, so they cannot be used to track a user's activities across different sites.

GitHub's passkey beta is available to join now.

githubdeklogo

 

More Information

Passkey Beta On The GitHub ‘Feature Preview’ Tab 

Related Articles

GitHub Code Scanning Now Uses Machine Learning

GitHub Strengthens Team Working

New From GitHub Universe

GitHub Launches Actions

Microsoft Buys GitHub - Get Ready For a Bigger Devil

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Seasonal Deals From edX and Udacity
17/11/2023

The season of discount deals has arrived early. edX is offering a 20% off selected courses and program bundles for Cyber Monday. Udacity has an even better Black Friday Deal with 50% off sub [ ... ]



The Pi 5 Breaks The Mold
29/11/2023

The Pi 5 is an exciting development bringing even more power for not much additional cost, but it also signals a bigger change in the Pi line-up, obscured by secretiveness.


More News

esp32book

 

Comments




or email your comment to: comments@i-programmer.info