GitHub announced this morning that it has added support for passkeys in public beta. The passkeys feature is a standardized new way that lets users seamlessly and securely access GitHub.com.
A passkey is a sequence of characters that helps to ensure that only authorized users gain access to sensitive resources. The security feature is used along with email addresses or usernames to verify users’ identity. Passkeys are more secure as compared to alternate methods, including one-time code delivered over SMS.
According to the FIDO Alliance team, passwords are the root cause of more than 80 percent of security breaches worldwide. Passkeys are designed to protect users against credential theft, phishing campaigns, and social engineering attacks.
“Passkeys on GitHub.com require user verification, meaning they count as two factors in one—something you are or know (your thumbprint, face, or knowledge of a PIN) and something you have (your physical security key or your device). Because of this strength of authentication, we don’t need your password to trust that it’s really you signing in,” explained Hirsch Singhal, Staff Product Manager at GitHub.
To enable passkeys on a Google account, click the “Feature Preview” tab available in the Settings sidebar and then select the “enable passkeys” option. Users will now be able to register new passkeys and upgrade eligible security keys to passkeys. It’s recommended that users should register passkeys on several devices to avoid the risk of account lockouts.
GitHub explained that passkeys provide support for cross-device authentication. This capability lets developers use a passkey on their phones to sign into a laptop/computer. “Because your phone or tablet must be physically close to your laptop or desktop, Cross-Device Authentication retains the phishing-resistant promise of FIDO,” Singhal added.
GitHub noted that some third-party services (such as 1Password and Dashlane) let users sync their passkeys across multiple devices. Passkeys are supported on both modern browsers and devices, and you can learn more about passkeys on this support page.