Home Cyber Security News GitHub Revamps 2FA With WebAuthn Support For Security Keys

GitHub Revamps 2FA With WebAuthn Support For Security Keys

by Abeerah Hashim
GitHub vulnerability exposed session tokens

GitHub has taken another step towards enhancing its security features. As announced recently, the popular developers’ platform GitHub is now introducing WebAuthn support for security keys. This introduction of Web Authentication will enhance its overall two-factor authentication feature.

GitHub Announces WebAuthn Support

GitHub has decided to launch WebAuthn support for security keys. As claimed, this move will provide users better security features along with support for a futuristic login authentication method.

As elaborated in a recent blog post, GitHub justified Web Authentication implementation as a much-needed feature for account security. It is because many users still rely on single passwords only instead of employing two-factor authentication.

Account security is critical for GitHub. Although we support strong authentication options, many people still don’t use a password manager or two-factor authentication because individual passwords have always been the easiest choice.

At the moment, GitHub offers conventional two-factor authentication, such as SMS verification, authentication apps, and security keys. With this decision, GitHub plans to upgrade the security key as the primary second factor.

Because platform support is not yet ubiquitous, GitHub currently supports security keys as a supplemental second factor. But we’re evaluating security keys as a primary second factor as more platforms support them.

Revamping 2FA With Better Security And Ease Of Access

Alongside better security, with this Web Authentication implementation, GitHub also aims at making the authentication process easy for the users. Owing to the widespread support for U2F, users can now use a security key on GitHub with various browsers. As stated by GitHub,

You can now use physical security keys on GitHub with:
– Windows, macOS, Linux, and Android: Firefox and Chrome-based browsers
– Windows: Edge
– macOS: Safari, currently in Technology Preview but coming soon to everyone
– iOS: Brave, using the new YubiKey 5Ci

Moreover, it will also let the users log in their accounts with their device instead of using a separate physical key.

WebAuthn can make it possible to support login using your device as a “single-factor” security key with biometric authentication instead of a password.

To do so, users shall have to register their device with the corresponding biometric feature using their device browser. For instance, users can register with Chrome on Android using Fingerprint reader, or on macOS using TouchID. Also, they can register via Microsoft Edge browser on Windows devices using Windows Hello.

You may also like

Latest Hacking News