GitHub launches passkey support into general availability

GitHub is formally launching its passkeys security feature into general availability, two months after first debuting it in beta.

Passkeys offer cloud-synced authentication using cryptographic key pairs, allowing users to sign in to websites and apps with the same screen-lock PIN or biometrics they use for their devices, or a physical security authentication key. It essentially combines the security benefits of passwords and two-factor authentication (2FA) into a single step, making it easier for people to access their online services securely.

Way back in May last year, Google, Apple, GitHub’s parent Microsoft and the FIDO Alliance teamed up to make passwordless logins a reality across devices, browsers and operating systems, meaning that users won’t have to re-enroll multiple times. And the companies have been gradually expanding passkey support in the intervening months, with Google introducing support for Google Accounts in May, while just today Microsoft revealed that Windows 11 will now enable users to manage their passkeys.

And now, developers wanting to use passkeys in GitHub can do just that by heading to their account security settings, and hitting “add a passkey.”

Supply chain security

GitHub plays a pivotal role in the software supply chain, allowing millions of developers and companies to collaborate on open source and proprietary software development projects. However, a spate of cybersecurity incidents have pushed the issue of software security to the forefront of political agendas around the world, including the Biden administration, which issued an executive order and published a cybersecurity strategy that called for large tech companies to ensure their systems are more robust.