GitHub is introducing passwordless authentication to enhance account security and provide a more seamless user experience.
Passkeys are touted as offering a secure and easy-to-use method of protecting user accounts, with the aim of eliminating password-based breaches altogether. Unlike conventional security measures, passkeys offer improved security by combining two-factor authentication (2FA) with enhanced user verification.
Passkeys require something the user is or knows (such as a thumbprint, face, or PIN) and something the user has (a physical security key or device). By leveraging these factors, GitHub can verify user identities without relying on passwords.
To enable passkeys on a GitHub account, users must navigate to the ‘Settings’ sidebar, access the ‘Feature Preview’ tab, and select the option to enable passkeys. Once enabled, users can upgrade eligible security keys to passkeys and register new passkeys.
Passkeys can be used across devices, and a new feature called cross-device authentication allows users to sign in on a desktop by verifying their phone’s presence.
One of the key advantages of passkeys is their ability to replace passwords entirely. When using passkeys on GitHub.com, user verification serves as two factors in one, eliminating the need for passwords.
Additionally, with expanded browser support, passkeys can be automatically suggested by the browser’s autofill system on the login page, further streamlining the authentication process.
Passkeys also offer synchronisation across devices, ensuring users are never locked out of their accounts due to key loss.
Depending on the passkey provider, synchronisation can occur automatically, leveraging services like iCloud, Google Password Manager, or password managers such as 1Password or Dashlane.
For users with existing security keys, upgrading to passkeys is a simple process. Eligible security keys capable of verifying user identities, such as Touch ID, Windows Hello, or biometric hardware keys, can be upgraded to passkeys.
GitHub’s introduction of passkey authentication demonstrates the platform’s commitment to bolstering account security while prioritising user experience. By embracing passwordless authentication, GitHub aims to reduce the risk of data breaches caused by weak or compromised passwords.
With passkeys, developers can protect their accounts with ease and confidence, knowing that their sensitive information is safeguarded against unauthorised access.
See also: Reddit hacker’s demands include reversing API changes
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The event is co-located with Digital Transformation Week.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.