Passkeys offer cloud-synced authentication using cryptographic key pairs, allowing users to sign in to websites and apps with the same screen-lock PIN or biometrics they use for their devices, or with a physical security key. They essentially combine the security benefits of passwords and two-factor authentication (2FA) into a single step, making it easier for people to access their online services securely.
Way back in May last year, Google, Apple, GitHub’s parent Microsoft and the FIDO Alliance teamed up to make passwordless logins a reality across devices, browsers and operating systems, meaning that users won’t have to re-enroll multiple times. And the companies have been gradually expanding passkey support in the intervening months, with Google introducing support for Google Accounts in May, while just today Microsoft revealed that Windows 11 will now enable users to manage their passkeys.
And now, developers wanting to use passkeys in GitHub can do just that by heading to their account security settings, and hitting “add a passkey.”
Supply chain security
GitHub plays a pivotal role in the software supply chain, allowing millions of developers and companies to collaborate on open source and proprietary software development projects. However, a spate of cybersecurity incidents has pushed the issue of software security to the forefront of political agendas around the world, including that of the Biden administration, which issued an executive order and published a cybersecurity strategy that called for large tech companies to ensure their systems are more robust.
This led GitHub to require 2FA for all contributors starting back in March, an onboarding process that’s happening incrementally throughout the rest of 2023. And feeding into that, GitHub is now offering passkeys for individual developers to secure their personal accounts, which will be good news for any company that relies on open source components for their software.