GitHub supports Web Authentication (WebAuthn) for security keys
The WebAuthn standard for security keys is making authentication as easy as possible. Now you can use security keys for second-factor authentication on GitHub with many more browsers and devices.
GitHub now supports Web Authentication (WebAuthn) for security keys—the new standard for secure authentication on the web. Starting today, you can use security keys for two-factor authentication on GitHub with even more browsers and devices. And, since many browsers are actively working on WebAuthn features, we’re excited about the potential for strong and easy-to-use authentication options for the entire GitHub community in the future.
Register a new security key in your GitHub settings
More browsers, devices, and biometric options
Previously, GitHub supported physical security keys using the experimental U2F API for Chrome. WebAuthn is the standards-based successor. You can now use physical security keys on GitHub with:
- Windows, macOS, Linux, and Android: Firefox and Chrome-based browsers
- Windows: Edge
- macOS: Safari, currently in Technology Preview but coming soon to everyone
- iOS: Brave, using the new YubiKey 5Ci
But there’s more—GitHub’s move toward WebAuthn makes it possible to use your laptop or phone as a security key without carrying a separate physical key. If you’re using the following browsers, you can register your device today:
- Microsoft Edge on Windows, using Windows Hello (with facial recognition, fingerprint reader, or PIN)
- Chrome on macOS, using Touch ID
- Chrome on Android, using fingerprint reader
And as new browsers and devices support WebAuthn, you’ll have even more choices for secure authentication that automatically work with GitHub.
The future of authentication: secure and easy-to-use
Account security is critical for GitHub. Although we support strong authentication options, many people still don’t use a password manager or two-factor authentication because individual passwords have always been the easiest choice.
Because platform support is not yet ubiquitous, GitHub currently supports security keys as a supplemental second factor. But we’re evaluating security keys as a primary second factor as more platforms support them. In addition, WebAuthn can make it possible to support login using your device as a “single-factor” security key with biometric authentication instead of a password. Although we’re not ready to announce further plans, we’ll continue to pursue ways to make secure authentication as easy as possible for everyone on GitHub.
Implementing WebAuthn
Are you interested in supporting security keys as an authentication option for your web service? WebAuthn offers some of the strongest account protection around—and it’s easier than ever to implement in a variety of server programming languages using open source libraries available on GitHub. We’ve also open sourced @github/webauthn-json, a lightweight JavaScript wrapper around the WebAuthn API you might find useful. We’re excited to see how you’re making authentication more secure, easy, and flexible for your users.
Tags:
Written by
Related posts
GitHub Availability Report: November 2024
In November, we experienced one incident that resulted in degraded performance across GitHub services.
The top 10 gifts for the developer in your life
Whether you’re hunting for the perfect gift for your significant other, the colleague you drew in the office gift exchange, or maybe (just maybe) even for yourself, we’ve got you covered with our top 10 gifts that any developer would love.
Congratulations to the winners of the 2024 Gaady Awards
The Gaady Awards are like the Emmy Awards for the field of digital accessibility. And, just like the Emmys, the Gaadys are a reason to celebrate! On November 21, GitHub was honored to roll out the red carpet for the accessibility community at our San Francisco headquarters.