Microsoft's GitHub platform has received a major upgrade in the form of security key and biometric upgrades. Thanks to the implementation of the Web Authentication standard, the site now supports the features on more browsers, while supporting the use of secondary devices.
Users can now make use of physical security on every major platform. In Windows, macOS, Linux, and Android, customers can make use of keys on Chromium browsers and Firefox. Legacy Edge is also supported on Windows, though Edgeium will soon supersede it.
On iOS, implementation is a bit more difficult. Users must use Brave and a YubiKey 5Ci to access physical security. It's also worth noting that while Safari supports the functionality, it's only in the Technical Preview currently.
Considering a Passwordless Future
WebAuthn support also opens GitHub for use of a secondary device as a security key. Windows Hello can be utilized for biometrics like fingerprint and facial recognition, as well as PIN. You can use Chrome on Android for fingerprint authentication, and Chrome on macOS with Touch ID.
Currently, these features are available as second factory security, but GitHub says it's mulling them as a single, passwordless login:
“Because platform support is not yet ubiquitous, GitHub currently supports security keys as a supplemental second factor. But we're evaluating security keys as a primary second factor as more platforms support them,” said the company. “In addition, WebAuthn can make it possible to support login using your device as a ‘single-factor' security key with biometric authentication instead of a password. Although we're not ready to announce further plans, we'll continue to pursue ways to make secure authentication as easy as possible for everyone on GitHub.”
As a relatively new standard, WebAuthn isn't yet ubiquitous, but users can expect more browsers to support it in the coming year.