GitHub is officially rolling out its passkeys security feature to the general public, following a two-month beta testing period.
Passkeys provide cloud-synced authentication through cryptographic key pairs, allowing users to sign in to websites and applications using the same screen-lock PIN or biometric credentials they use for their devices or a physical security authentication key. This technology effectively combines the security advantages of passwords and two-factor authentication (2FA) into a single streamlined step, simplifying secure access to online services.
In collaboration with Google, Apple, Microsoft (GitHub’s parent company), and the FIDO Alliance, efforts were initiated in May of the previous year to facilitate passwordless logins across devices, browsers, and operating systems. This collaborative initiative aims to eliminate the need for users to repeatedly enroll their credentials. Over the subsequent months, these companies have gradually expanded passkey support. Google introduced support for Google Accounts in May, and most recently, Microsoft announced that Windows 11 will empower users to manage their passkeys.
Developers interested in using passkeys within GitHub can now implement them by accessing their account security settings and selecting the “add a passkey” option.
Supply Chain Security
Supply chain security is of paramount importance, especially in the realm of software development. GitHub serves as a crucial hub where millions of developers and companies collaborate on both open-source and proprietary software projects. In light of a series of cybersecurity incidents that have raised concerns about software security, this issue has gained prominence on global political agendas, including the Biden administration’s initiatives. The administration issued an executive order and unveiled a cybersecurity strategy, emphasizing the need for large tech companies to enhance the resilience of their systems.
As part of its response to these challenges, GitHub implemented the mandatory use of two-factor authentication (2FA) for all contributors starting in March. This transition is being rolled out incrementally over the course of 2023. Complementing this security enhancement, GitHub is now introducing passkeys for individual developers to safeguard their personal accounts. This development will be particularly reassuring for companies that depend on open-source components within their software projects.
