GitHub launches passkey support into general availability (GitHub PassKey)
All GitHub.com users can now register a GitHub passkey to sign in without a password
GitHub is officially rolling out its passkeys security feature for general availability, following its initial beta release two months ago.
Passkeys offer cloud-synced authentication using cryptographic key pairs, allowing users to sign in to websites and apps with the same screen-lock PIN or biometrics they use for their devices or a physical security authentication key. It essentially combines the security benefits of passwords and two-factor authentication (2FA) into a single step, making it easier for people to access their online services securely.
Back in May of last year, Google, Apple, Microsoft (the parent company of GitHub), and the FIDO Alliance joined forces to bring passwordless logins to fruition, ensuring seamless compatibility across various devices, browsers, and operating systems. This collaboration aimed to eliminate the need for users to repeatedly enroll in different systems.
Over the past months, these companies have been steadily broadening passkey support. In May, Google introduced support for Google Accounts, and today, Microsoft announced that Windows 11 will empower users to manage their passkey.
Now, developers who wish to employ passkeys on GitHub can simply go to their account security settings and click on “add a passkey.”
Also Read | Microsoft Copilot Brings AI to Windows 11, Works Across Multiple Apps and Your Phone
Supply chain security
GitHub holds a central position in the software supply chain, enabling countless developers and companies to engage in collaborative efforts on both open-source and proprietary software development projects. Nevertheless, a series of cybersecurity incidents has elevated the significance of software security to the forefront of political agendas worldwide. This includes the Biden administration, which issued an executive order and released a cybersecurity strategy, underscoring the necessity for major tech companies to bolster the resilience of their systems.
Also Read | OpenAI has introduced Dall-E 3, the most recent iteration of its text-to-image tool
In response to these challenges, GitHub initiated a mandatory two-factor authentication (2FA) requirement for all contributors in March, and this onboarding process will continue to roll out gradually throughout the remainder of 2023. In addition to this, GitHub is now introducing passkeys as an option for individual developers to enhance the security of their personal accounts. This development is particularly welcome news for companies heavily reliant on open-source components within their software projects.
