GitHub has officially rolled out its passkeys security feature for general availability, following a two-month beta testing phase.
Passkeys introduce a cloud-synced authentication system using cryptographic key pairs, allowing users to access websites and applications using their screen-lock PIN, biometrics, or physical security key.
This combines the security aspects of passwords and two-factor authentication (2FA) into a single step, streamlining secure access to online services.
"We found that Linux and Firefox users struggled to use passkeys, as those platforms don't yet have strong support for passkeys," GitHub said.
"As a result, we decided to enable cross-device registration of passkeys. That means you can register a passkey on your phone while you're using your desktop. The passkey lives in the phone, but users can connect it to their desktop and set up and authenticate through the desktop's browser. This enables Linux and Firefox users to set up passkeys."
Implementing 2FA by the End of 2023
According to GitHub's announcement, passkeys are a novel form of sign-in credential designed to enhance account security by reducing reliance on traditional passwords and other easily phishable authentication methods. Since its beta launch in July, tens of thousands of developers have adopted passkeys.
This move aligns with GitHub's commitment to implementing 2FA for all contributors by the end of 2023, reinforcing security without compromising user experience.
To set up one or more passkeys on an account, users can navigate to their account security settings and select "Add a passkey." If security keys are already in place, an "Upgrade" option may be visible if they are compatible with passkeys.
While passkeys offer enhanced security, some platforms like Linux and Firefox have faced challenges in their integration due to limited support. To address this, cross-device registration of passkeys has been enabled, allowing users to register a passkey on one device and authenticate through another, providing broader support.
Additionally, GitHub noticed that many users who own hardware keys chose to upgrade to a passkey, defying initial predictions. To facilitate this transition, a new "upgrade" option has been introduced in account security settings, allowing immediate upgrading of compatible security keys.
Read Also: GitHub Copilot Chat AI Feature Public Beta Now Available: Integrated with OpenAI's ChatGPT 4 Model
GitHub Encourages Multiple 2FA Credentials Registrations
GitHub is also encouraging users to register multiple 2FA credentials to ensure continued access in case of loss or unavailability. As part of this effort, users are prompted to register a passkey if they have a compatible device that hasn't been associated with one yet.
The success of passkeys relies on widespread support across various browsers and operating systems. Apple, Google, and Microsoft have all contributed to this by enhancing their support for passkeys, filling key gaps that were identified as essential for the release of this feature.
Microsoft Windows has recently made improvements to its OS passkey implementation, allowing cross-device access, while Chrome and Mac users will now have access to the iCloud keychain, making passkeys more versatile across ecosystems. This collective effort aims to establish passkeys as a widely embraced security measure.
Related Article: GitHub, Open AI Introduce Copilot Which Works on Visual Studio Code--Evolution of Pair Programming?
