GitHub has made passkeys generally available across the platform today to secure accounts against phishing and allow passwordless logins for all users.
Passkeys are linked to specific devices, such as computers, tablets, or smartphones, and have a crucial role in reducing the risk of data breaches by providing protection against phishing attacks and blocking unauthorized access attempts.
They facilitate access to apps and online services through personal identification methods like PINs or biometric authentication, including fingerprints and facial recognition.
Moreover, passkeys also significantly enhance user experience and security by eliminating the need to memorize and manage distinct passwords for each website and app.
GitHub introduced passkey support in July as part of a public beta passwordless authentication push.
"Since the launch of passkeys in beta in July, tens of thousands of developers have adopted them. Now, all users on GitHub.com can use passkeys to protect their account," said GitHub's Staff Product Manager Hirsch Singhal, on Thursday.
"This continues our commitment to securing all contributors with 2FA by the end of 2023 and strengthening security across the platform—without compromising user experience."
To register one or multiple passkeys, open your account's security settings and click the "Add a passkey" option. If you have previously configured security keys, you may also see an "Upgrade" option, provided they can be used as passkeys.
This comes on the heels of a concerted move by Apple, Google, and Microsoft to improve support for passkeys across their platforms.
Microsoft announced today that it will allow users to securely log into apps and websites using passkeys saved on their mobile devices, starting with the upcoming September 26 Windows 11 22H2 update.
Google also announced support for allowing Chrome 118 users to sign into websites using passkeys created on iOS devices and synced via the iCloud keychain to their Mac devices.
Today's announcement also comes after GitHub made two-factor authentication (2FA) mandatory for all active developers starting March 13.
Over the years, the company also strengthened account security by implementing sign-in alerts, two-factor authentication, and blocking compromised password usage.
Comments
wpontius - 3 days ago
A password or PIN can easily be changed if hacked or stolen. After your face and all ten fingers have been stolen, what then? Companies have no problem storing or transmitting your passwords and credit card information in clear text, doubt this will be treated any differently. Profits are more important than security, so I would be careful to keep your biometric data confined to your PC.