In the realm of digital security, the weakest link often proves to be the humble password. It’s a well-known fact that over 80% of data breaches are rooted in compromised passwords. GitHub, widely used by developers worldwide, is taking a significant step towards enhancing account security by introducing passkeys in a public beta phase. This move is a part of GitHub’s ongoing efforts to ensure robust account security without compromising the user experience.
GitHub’s introduction of passkeys is a significant stride towards a more secure, passwordless future. It offers users a more flexible, reliable, and secure way to authenticate their accounts. As we move forward, it will be interesting to see how this technology evolves and how it will shape the future of digital security.
Understanding Passkeys
Passkeys are an evolution of traditional security keys, offering easier configuration and improved recoverability. They provide a secure, privacy-preserving, and user-friendly method to safeguard your accounts while reducing the risk of account lockouts. Unlike other methods such as SMS and email, passkeys are unique to each website, eliminating the possibility of cross-site user tracking. The introduction of passkeys brings us a step closer to a passwordless future, aiming to eliminate password-based breaches.
Setting up Passkeys on GitHub
To start using passkeys with your GitHub account, you need to follow a few simple steps. First, navigate to the ‘Settings’ sidebar on your GitHub account. From there, locate the ‘Feature Preview’ tab and click on ‘enable passkeys’. Once you’ve activated passkeys, you can upgrade eligible security keys to passkeys and register new ones. This process is straightforward and designed to be user-friendly.
User verification
Passkeys on GitHub require user verification, which essentially means they count as two factors in one. They combine something you are or know (like your thumbprint, face, or a PIN) and something you have (like your physical security key or device). This dual-factor authentication eliminates the need for a password, ensuring a secure sign-in process. With expanded browser support, your browser’s autofill system can automatically suggest using your passkey to sign in, right from the login page. This feature is not limited to users with 2FA enabled; all users can complete a sign-in using just their passkey.
Cross device authentication with Passkeys
Passkeys are not limited to the device they were created on; they can be used across your devices. A feature known as cross-device authentication allows you to use a passkey on your phone or tablet to sign in on your desktop by verifying your phone’s presence. This can be done by selecting a previously linked device or scanning a QR code with your phone. This feature retains the phishing-resistant promise of FIDO.
Many passkeys can be synced across your devices, ensuring you’re never locked out of your account due to key loss. Depending on your passkey provider, your passkey can be synced across your devices automatically. For instance, your iCloud account will sync passkeys from iOS to macOS, Google Password Manager syncs across your Android devices, and password managers like 1Password or Dashlane can sync passkeys across installations of their password managers across any device. However, not all passkeys sync across devices. In your user settings, GitHub shows a ‘synced’ label on the credentials that are reported as syncing.
Upgrading Security Keys
If your security key is capable of verifying your identity (for example, Touch ID, Windows Hello, Android thumbprints, or PIN-locked or biometric hardware keys), then it’s eligible to be upgraded to a passkey. During your next sign-in with that security key, GitHub will ask you if you want to upgrade it to a passkey. This re-registration ensures that your passkey is discoverable during authentication and synced if supported.
For more information on the new introduction of GitHub Passkeys now available in public beta jump over to the official GitHub blog by following the link below.
Source : GH
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.