GitHub introduces passwordless authentication

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


GitHub is introducing passwordless authentication to enhance account security and provide a more seamless user experience.

Passkeys are touted as offering a secure and easy-to-use method of protecting user accounts, with the aim of eliminating password-based breaches altogether. Unlike conventional security measures, passkeys offer improved security by combining two-factor authentication (2FA) with enhanced user verification.

Passkeys require something the user is or knows (such as a thumbprint, face, or PIN) and something the user has (a physical security key or device). By leveraging these factors, GitHub can verify user identities without relying on passwords.

To enable passkeys on a GitHub account, users must navigate to the ‘Settings’ sidebar, access the ‘Feature Preview’ tab, and select the option to enable passkeys. Once enabled, users can upgrade eligible security keys to passkeys and register new passkeys.

Passkeys can be used across devices, and a new feature called cross-device authentication allows users to sign in on a desktop by verifying their phone’s presence.

One of the key advantages of passkeys is their ability to replace passwords entirely. When using passkeys on GitHub.com, user verification serves as two factors in one, eliminating the need for passwords.

Additionally, with expanded browser support, passkeys can be automatically suggested by the browser’s autofill system on the login page, further streamlining the authentication process.

Passkeys also offer synchronisation across devices, ensuring users are never locked out of their accounts due to key loss.

Depending on the passkey provider, synchronisation can occur automatically, leveraging services like iCloud, Google Password Manager, or password managers such as 1Password or Dashlane.

For users with existing security keys, upgrading to passkeys is a simple process. Eligible security keys capable of verifying user identities, such as Touch ID, Windows Hello, or biometric hardware keys, can be upgraded to passkeys.

GitHub’s introduction of passkey authentication demonstrates the platform’s commitment to bolstering account security while prioritising user experience. By embracing passwordless authentication, GitHub aims to reduce the risk of data breaches caused by weak or compromised passwords.

With passkeys, developers can protect their accounts with ease and confidence, knowing that their sensitive information is safeguarded against unauthorised access.

See also: Reddit hacker’s demands include reversing API changes

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The event is co-located with Digital Transformation Week.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *