GitHub launches official Passkey service

Github testing Passkey since July has now officially launched the service. Passkey can be enabled by all Github users through their account security settings, as stated on their official blog.

'Must-See 'Everywhere' Gameplay Trailer Unveils Epic Sandbox with an Impressive Fortnite Vibe'

Passkey can be registered for different devices on Github, except for the Linux platform and browsers like Firefox which do not have complete support for it. To address this, Github has introduced cross-device Passkey registration. Users can register their Passkey on mobile phones and then use it to log in to their computers.

Github aims to promote the use of multiple 2FA credentials for all accounts. This ensures that if one credential is lost, the account can still be recovered using the other credentials. Github checks if a user's device is compatible with Passkey and reminds them to register a Passkey if it is compatible.

The cloud-based Passkey service also facilitates cross-device credential synchronization. For instance, Apple's iCloud account can synchronize Passkeys of iOS and macOS, and Google Code Verifier can synchronize Passkeys across all user's Android devices. It can also sync Passkeys with third-party password management programs like 1Password, making Passkey accessible on all devices where the program is installed.

Introducing Passkeys

Passkeys are a new form of authentication that allows users to sign in to their Github account without using a password. Instead, users can utilize a cloud-backed passkey service to sync their Passkeys across devices including Apple devices, Android devices, or password managers. Passkeys offer a secure and reliable way to make developer accounts more secure while maintaining accessibility.

Passkey is a login verification file containing a set of keys, consisting of a public key registered on a website or app, and a private key stored on the user's device. Users can use various biometric features such as fingerprints, iris recognition, or PIN codes to log in to different website services with a single click after registering their Passkey. Passkey is based on the FIDO 2 / WebAuthn standard, allowing cross-platform usability.

How Passkeys Work

Passkeys utilize public-key cryptography, a method of encrypting and decrypting data using a public key and a private key. When a user signs in to their Github account using Passkey, the Passkey encrypts a message that is sent to Github's servers. The servers then decrypt the message using the user's public key to verify their identity.

Passkeys maintain user privacy by not revealing any data about their identity or the device used for signing in. This makes them more secure than traditional passwords that can be easily guessed or stolen.

Benefits of Passkeys

Passkeys offer several advantages:

1. Increased Security: Passkeys are more secure than regular passwords due to their reliance on public-key cryptography.
2. Phishing Resistance: Passkeys are resistant to phishing attacks as they do not reveal any data and keep user information safe.
3. Convenience: Passkeys can be synced across devices and used from anywhere, including Apple devices, Android devices, and password managers.
4. Privacy-Preserving: Passkeys do not expose any personal data or user identity.
5. Reduced Password Fatigue: Passkeys alleviate the need to remember multiple passwords for different accounts, reducing password fatigue.

Cons of Passkeys

1. Limited Support: Passkeys are not widely supported by all apps and websites, which can be inconvenient.

2. New Technology: Passkeys are a relatively new technology and may have bugs or issues that need to be resolved.

3. Device Dependency: Passkeys are linked to specific devices, requiring new passkeys to be set up if the device is lost or replaced.

4. Learning Curve: While passkeys are designed to be user-friendly, some users may find the setup and usage process confusing.

5. Privacy Concerns: Storing passkeys on devices can pose a risk if the device is compromised, emphasizing the importance of device security and additional protective measures.

Conclusive summary

Github's Passkey service marks a new era of authentication, providing users with a passwordless login experience. Passkeys offer enhanced security, resistance to phishing attacks, convenience, privacy preservation, and reduced password fatigue. Github's initiative towards passwordless authentication signifies a more secure and user-friendly future.