The famous collaborative development platform is making progress in terms of security. GitHub has launched the public beta of passkeys, a passwordless and much more secure authentication method.
This new functionality has two objectives: to make the user experience smoother and to improve account security. A passkey is a reinforced combination of two proofs: an immaterial proof of your identity (facial recognition, a PIN code or a fingerprint) and a material proof, namely possession of a specific device (a mobile or tablet, for example) or a physical security key. For users of the GitHub platform, this is a step forward: there is no longer any need to remember lengthy passwords, and the risk of phishing attacks is reduced.
Enabling passkeys on your GitHub account
Activating passkeys is very simple. On GitHub, go to your account settings, look for the section called “Features overview” and check the “Enable passkeys” option in it. It is strongly recommended that you register passkeys on multiple devices if you can. If one of them is stolen, you will still be able to access your account.
The advantage is that these passkeys can be used on several devices simultaneously thanks to a “cross-device” feature. Imagine that you have configured a passkey on your tablet and want to access your GitHub account on your laptop. With this feature, you simply scan a QR code on your computer screen using your tablet, and the connection is established. This is both practical and secure.
The benefits of passkeys
Compared to traditional passwords, passkeys have many advantages and are more reliable from a security point of view. The double verification explained previously is coupled with the fact that passkeys are unique to each site, so they cannot be used to track a person’s activities across multiple platforms or websites. The user can also synchronize their passkeys automatically across different types of devices, depending on the passkey provider they use.
On iOS, users have their iCloud account to perform this synchronization, and on Android there is Google Password Manager. These two OS-specific features are very effective and reassuring. Other password managers, such as Dashlane or 1Password, can also manage your passkeys.
With the introduction of passkeys based on the two-factor authentication (2FA) method, GitHub takes protection and security to the next level. The feature is simple to activate and use, and will provide a convenient experience for its future users.
Sources: GitHub, Neowin, BleepingComputer