October 2, 2023

GitHub has announced the public beta of passkey authentication, giving developers more flexibility in how they sign in to the platform. With this feature, developers can upgrade security keys to passkeys and use them in place of both their passwords and 2FA methods. The move is GitHub’s latest step toward a passwordless future after it announced new 2FA requirements for all code contributors last May.

Passkeys are considered the modern alternative to passwords and are generally more secure and easier to use. They are steadily being adopted by enterprises to help raise the authentication security bar and end an overreliance on passwords, a major cause of most data breaches.

In May, Google began rolling out support for passkeys across Google Accounts on all major platforms. Last year, several tech giants announced support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.

Passkeys build on the work of traditional security keys by adding easier configuration and enhanced recoverability, giving you a secure, private, and easy-to-use method to protect your accounts while minimizing the risk of account lockouts.

Passkeys on GitHub require user verification, meaning they count as two factors in one. The passkeys can be used across devices by verifying a phone’s presence, while some can also be synced across devices to ensure users are never locked out of their account due to key loss.
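How a relying party can enforce the "two factors in one" property and see whether a passkey is synced, shown as an added example (not GitHub's code). It assumes the standard WebAuthn authenticator data layout (32-byte rpIdHash, one flags byte, 4-byte signature counter); the relying party ID `example.test` and the helper names are hypothetical, and signature verification is out of scope here.

```python
import hashlib
import struct

# Bits of the WebAuthn authenticator data "flags" byte.
UP, UV, BE, BS = 0x01, 0x04, 0x08, 0x10

class AuthDataError(ValueError):
    """Raised when authenticator data fails the sign-in policy."""

def check_passkey_assertion(auth_data: bytes, rp_id: str) -> dict:
    """Validate authenticator data for a sign-in that must count as two factors."""
    if len(auth_data) < 37:  # 32-byte rpIdHash + 1 flags byte + 4-byte signCount
        raise AuthDataError("authenticator data too short")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        raise AuthDataError("rpIdHash does not match this relying party")
    if not flags & UP:
        raise AuthDataError("user presence (UP) not asserted")
    if not flags & UV:
        # Without UV the key only proves possession: one factor, not two.
        raise AuthDataError("user verification (UV) not asserted")
    if flags & BS and not flags & BE:
        raise AuthDataError("backed up (BS) set without backup eligible (BE)")
    return {
        "sign_count": sign_count,
        "sync_capable": bool(flags & BE),      # credential may be synced
        "currently_synced": bool(flags & BS),  # credential is backed up now
    }

def build_sample(rp_id: str, flags: int, sign_count: int = 0) -> bytes:
    """Build sample authenticator data (constructed input, not a real capture)."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)

if __name__ == "__main__":
    rp = "example.test"  # hypothetical relying party ID
    print(check_passkey_assertion(build_sample(rp, UP | UV | BE | BS), rp))
    for bad_flags in (UP, UP | UV | BS):  # no UV; BS without BE
        try:
            check_passkey_assertion(build_sample(rp, bad_flags), rp)
        except AuthDataError as err:
            print("rejected:", err)
```
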

Developer accounts are frequent targets for social engineering and account takeover, and protecting developers from these types of attacks is the first and most critical step toward securing the supply chain.

Passkeys offer the strongest mix of security and reliability and make developer accounts significantly more secure without compromising access, which remains an issue with other 2FA methods like SMS, TOTP, and existing single-device security keys. Enhanced security from passkeys prevents password theft and account takeover by eliminating the need for passwords.
