GitHub, the leading software development platform, has officially launched its passkey security feature into general availability. This move comes after a successful beta testing phase conducted over the past two months. Passkeys provide users with cloud-synced authentication using cryptographic key pairs, revolutionizing the way individuals sign in to websites and applications.
Key Takeaway
GitHub has officially launched its passkey security feature, offering users a seamless and secure authentication method. Passkeys combine the convenience of passwords with the added security of two-factor authentication into a single step. This development strengthens software supply chain security, providing developers with an additional layer of protection for their personal accounts.
What are Passkeys?
Passkeys offer a convenient and secure method of authentication by combining the benefits of passwords and two-factor authentication (2FA) into a single step. Users can now sign in to their online services using the same screen-lock PIN, biometrics, or physical security key they use for their devices. This streamlines the login process, making it easier for individuals to access their digital accounts securely.
Last year, tech giants such as Google, Apple, and Microsoft joined forces with the FIDO Alliance to make passwordless logins a reality across devices, browsers, and operating systems. This collaboration aimed to eliminate the need for users to re-enroll multiple times, enhancing convenience and security simultaneously. In May, Google introduced passkey support for Google Accounts, while Microsoft announced today that Windows 11 will enable users to manage their passkeys.
Improved Software Supply Chain Security
As a critical player in the software supply chain, GitHub facilitates collaboration between millions of developers and companies working on open source and proprietary software projects. However, recent cybersecurity incidents have brought software security to the forefront of political agendas worldwide. The Biden administration, for instance, issued an executive order and cybersecurity strategy urging major tech companies to enhance the robustness of their systems.
In response to these challenges, GitHub made two-factor authentication (2FA) mandatory for all contributors starting in March, with an incremental onboarding process continuing until 2023. Furthermore, GitHub is now providing passkey support to individual developers for securing their personal accounts. This development will be particularly welcomed by companies relying on open source components for their software, as it adds an extra layer of protection to critical code.