GitHub has announced a new feature that allows users to log in to their accounts without using a password. The feature, called passwordless authentication, is designed to provide a more secure and convenient way to access GitHub.com.
Passwordless authentication through passkeys works by using WebAuthn, a web standard that enables browsers to communicate with security devices such as biometric scanners, USB keys, or smartphones. Users can register one or more of these devices with their GitHub account and use them to verify their identity when logging in.
GitHub says passwordless comes with the following benefits:
- Eliminates the risk of phishing attacks, where hackers try to trick users into revealing their passwords by sending fake emails or websites.
- Reduces the need for password managers, which can be vulnerable to breaches or malware.
- Simplifies the login process, as users do not have to remember or type complex passwords.
- Supports multiple devices, so users can switch between different browsers or computers without losing access to their accounts.
GitHub says that passwordless authentication is compatible with most modern browsers and platforms, including Chrome, Edge, Firefox, Safari, Windows, macOS, Linux, Android, and iOS. Users can also choose to enable two-factor authentication (2FA) for an extra layer of security.
To use passwordless authentication, users need to go to their account settings and select “Security” from the sidebar. Then they need to click on “Set up passwordless sign-in” and follow the instructions to register their device. Once registered, they can use their device to sign in to GitHub.com from any browser.
Passwordless authentication is currently available for all GitHub.com users and will be rolled out to GitHub Enterprise Cloud customers soon. GitHub plans to add more features and options to passwordless authentication in the future.
Microsoft is Also Testing Passkeys for Windows Hello
As I reported last month, Microsoft is testing a new way to sign in to websites and apps on Windows 11 using Passkeys through Windows Hello, a standard that is designed to be more secure than traditional passwords.
Passkeys are a new and secure way to sign in to online accounts. They are special codes that the device generates and stores for the users. The codes are not transmitted to the websites and apps that the users sign in to. This prevents hackers from capturing or spoofing them. Users can activate Passkeys on their Windows 11 device. Then they can access their online accounts with a simple scan of their face or finger. They can also enter a PIN, but that is less secure than biometrics.
Passkeys are currently in testing on Windows Hello through Windows 11 Preview build 24386, but Microsoft plans to make them available to everyone later this year. The company that passkeys are part of its vision to eliminate passwords altogether and make online security more user-friendly. The company has been working on passwordless solutions for years, such as using phone numbers, email addresses, or security keys as alternatives to passwords. With Windows 11, Microsoft hopes to make passkeys more widely available and compatible with more apps and websites.