GitHub introduces passkey authentication for its platform

Microsoft-owned GitHub on Thursday announced the public beta of passkey authentication on its platform. Often considered a more secure way of authentication, the use of passkeys entails the use of two factors — biometrics or a PIN, along with a physical security key.

“In fact, passwords, which we all rely on, are the root cause of more than 80% of data breaches. That’s why GitHub is committed to helping all developers employ strong account security while staying true to our promise of not compromising their user experience. We began this commitment with our 2FA initiative across GitHub. Today, we are furthering this work by ensuring seamless and secure access on GitHub.com with the public beta of passkey authentication,” said Hirsch Singhal, staff product manager at GitHub.

Singhal further added that passkeys add easier configuration and enhanced recoverability over traditional security keys. This ensures private and easy methods to protect accounts while minimising the risk of account lockout.

Passkeys can be used across devices through Cross-Device Authentication and can be synched across user devices. GitHub shows a ‘synced’ label on the credentials. A user may choose a preferred passkey setup depending on his/her risk model.

In May 2022, aligned with the Fast Identity Online (FIDO) Alliance, companies like Microsoft, Apple and Google teamed up to increase support for a common passwordless sign-in standard in a bid to ditch passwords and ensure a unified, secure way to log into their accounts. Earlier, Microsoft enabled a no-password log-in for Outlook, Office, Skype, Xbox Live, and other online services. And in May this year, Google said that it has started rolling out passkey support to both Android and Chrome, a step that further signals a password-less future.