GitHub Introduces Passwordless Login with Passkeys for Enhanced Security

GitHub has now made passkeys available for its entire user base, paving the way for passwordless logins. This comes after a successful public beta test conducted in July.

The introduction of passkeys aims to provide robust protection against phishing attacks, unauthorized access, and other threats to users’ accounts.

Device-Bound Protection

Passkeys are unique in that they are tethered to specific devices, ranging from computers and tablets to smartphones. They offer a seamless way for people to access online services and apps, using personal identification methods like biometrics – think fingerprints or face recognition – and PINs.

A significant advantage to this is that users are no longer burdened with remembering and managing passwords for different websites, apps and accounts.

Addressing Platform Challenges

Regarding the rollout, GitHub's official statement shed light on some initial challenges. "We found that Linux and Firefox users struggled to use passkeys, as those platforms don’t yet have strong support for passkeys," the announcement explained.

To address this hiccup, GitHub introduced a cross-device registration process for passkeys.

"That means, you can register a passkey on your phone while you’re using your desktop. The passkey lives in the phone, but users can connect it to their desktop and set-up and authenticate through the desktop’s browser. This enables Linux and Firefox users to set up passkeys."

Getting Started with Passkeys

To get started with this new feature, users can head to their account's security settings and click the "Add a passkey" button.

Those already using passkeys from the beta phase can upgrade them, ensuring they're compatible with the system after the public release.

Continued Commitment to User Security

This recent development underscores GitHub's persistent dedication to fortifying user security. In March, the platform mandated 2-factor authentication (2FA) for all active developers, a move applauded by many in the tech industry. The company's proactive approach to security is further highlighted by previous implementations, such as sign-in alerts and restrictions on using compromised passwords.