GitHub goes passwordless, announces passkeys beta preview


GitHub announced today the introduction of passwordless authentication support in public beta, allowing users to upgrade from security keys to passkeys.

Passkeys are associated with individual devices like computers, tablets, or smartphones and play a vital role in minimizing the likelihood of data breaches by protecting users against phishing attacks and thwarting credential theft and breach attempts.

They also enable logging into applications and online platforms using personal identification numbers (PINs) or biometric authentication methods, such as facial recognition or fingerprints.

By eliminating the need to remember and manage unique passwords for every app and website, they also vastly improve user experience and security.

GitHub’s Staff Product Manager Hirsch Singhal revealed today that “Passkeys are now available in public beta. Opting in lets you upgrade security keys to passkeys, and use those in place of both your password and your 2FA method.”

To activate passkeys on your account, click your profile photo in the top-right corner of any GitHub page. From there, open the ‘Feature Preview’ menu and click the ‘Enable passkeys’ option.

“The next time you sign in with [a] security key, we’ll ask you if you want to upgrade it to a passkey, which will re-register it with your passkey provider,” Singhal said.

“Because passkeys are privacy preserving, you might have to trigger your passkey a few times during that upgrade flow so we can make sure we’re upgrading the right credential. Once you do, you’re all set for a passwordless experience.”

Upgrading security keys to passkeys (BleepingComputer)

This is another step taken by GitHub to enhance software supply chain security by transitioning away from basic password-based authentication.

Today’s announcement comes after GitHub made two-factor authentication (2FA) mandatory for all active developers using its platform starting March 13.

Previously, the code hosting platform gradually phased out account passwords for authenticating Git operations and introduced device verification via email.

GitHub disabled REST API password authentication in November 2020 and introduced FIDO2 security key support to secure SSH Git operations in May 2021.

Over the years, GitHub bolstered its account security measures by implementing two-factor authentication and sign-in alerts, blocking compromised password usage, and adding WebAuthn support.

“We’re excited to continue to provide more flexibility, reliability, and security in the ways you can authenticate to GitHub,” Singhal added on Wednesday.

In May, Google also announced a passkey support rollout for Google Accounts across all its services and platforms to let users sign into their accounts without entering a password or using 2-Step Verification (2SV).

Last month, Microsoft expanded support for passkeys in Windows 11 by adding a built-in passkey manager for Windows Hello and making it more secure to log in using biometric authentication.

