GitHub is going passwordless with new passkey support

(Image credit: GitHub)

GitHub has become the latest prominent service to offer passkey support, letting users login without a password.

The popular software repository, which is now owned by Microsoft, announced in a blog post on its website that the public beta for passkeys is now available.

For users that opt in, it means that passkeys will replace security keys, and will be used in place of both your password and 2FA method.

Convenience and security

Passkeys are the latest passwordless technology that have been adopted by prominent tech firms already, such as Apple, Google, and Microsoft. These along with other tech giants are board-level members of the FIDO alliance, the cross-industry association that sets the technological standards for passkeys.

Other services offer passkey support too, such as eBay, PayPal and BestBuy. Although the total number of adopters is currently quite small, it seems that uptake is slowly growing, with GitHub being the latest to support their use.

> Google Chrome now supports passkeys for everyone

> Bitwarden now lets you create passkeys for your business apps

> Microsoft is being sued over Github Copilot piracy

Passkeys work by storing a private cryptographic key on your device, which, when combined with the public key of the service in question, allows you to login to your account. All that is need to authenticate your identity is whatever measure you use to lock your device, such as your fingerprint or face scan, or your PIN.

As well as improving convenience, passkeys are also claimed to be more secure as they are phishing resistance - no one can extract the keys from you in social engineering campaigns as they are stored on device with zero knowledge architecture; not even the user knows what they are.

GitHub also cites the claim from the FIDO alliance that passwords are the root cause of more than 80% of data breaches, so it is argued that switching to passkeys will drastically improve the security posture of users and organizations.

GitHub has taken various steps over the years to help protect users and itself from supply chain attacks, since the software available on the site is often propagated widely to numerous organizations.

In 2021, for instance, it removed the ability to authenticate Git operations with passwords only, requiring token-based authentication, such as those offered by security keys. An in May this year, it made 2FA mandatory for developer accounts.

Want to have access to your passkeys cross-platform? Then you'll need to use the best password manager

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, including speakers and headphones, having spent over a decade exploring the murky depths of audio production and PC building. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Latest

Sony Xperia 1 VI leak reveals new camera app and more features borrowed from Alpha cameras

See more latest ►

Convenience and security

Are you a pro? Subscribe to our newsletter

Most Popular