searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
Zeljka Zorz
Zeljka Zorz, Editor-in-Chief, Help Net Security
August 26, 2019
Share

GitHub announces wider array of 2FA options, including security keys and biometrics

GitHub has started supporting the Web Authentication (WebAuthn) web standard, allowing users to use security keys for two-factor authentication with a wide variety of browsers and devices.

GitHub 2FA security keys

New possibilities

Developer accounts at online code and software package repositories are a great target for attackers: compromising one or more means that they can surreptitiously add malicious code to already popular and widely deployed libraries and software packages.

GitHub users have had the ability to additionally protect their accounts by switching on 2-factor authentication since 2013, but the choices were limited to receiving the second factor via SMS or getting it from a Time-based One-Time Password app such as Google Authenticator, Duo Mobile or Authenticator.

Later, they got the option to use physical security keys as GitHub began supporting the experimental U2F API for Chrome, but it was limited.

WebAuthn support now in place, they can now use security keys with:

  • Windows, macOS, Linux, and Android: Firefox and Chrome-based browsers
  • Windows: Edge
  • macOS: Safari (currently in Technology Preview but coming soon to everyone)
  • iOS: Brave, using the new YubiKey 5Ci.

Also, for those who don’t want to lug around actual physical keys, WebAuthn allows them to turn their phone or laptop into one via:

  • Windows Hello (through Microsoft Edge on Windows)
  • Touch ID (through Chrome on macOS)
  • A fingerprint reader (through Chrome on Android).

GitHub 2FA security keys

For the time being, security keys can still only be a second authentication factor but, according to GitHub security engineer Lucas Garron, they are looking into the option of making them a primary second factor as more platforms support them.

GitHub users can find instructions on how to set up and configure two-factor authentication on their accounts here.

More about
  • 2FA
  • account protection
  • biometrics
  • GitHub
  • security key
Share this

Featured news

  • 0mega ransomware gang changes tactics
  • Exploited zero-day patched in Chrome (CVE-2023-3079)
  • How to make developers love security
Spin Up A CIS Hardened Image

Sponsored

The best defense against cyber threats for lean security teams

Webinar: Tips from MSSPs to MSSPs – starting a vCISO practice

Security in the cloud with more automation

CISOs struggle with stress and limited resources

Don't miss

0mega ransomware gang changes tactics

Exploited zero-day patched in Chrome (CVE-2023-3079)

How to make developers love security

Embracing realistic simulations in cybersecurity training programs

Verizon 2023 Data Breach Investigations Report: 74% of breaches involve human element

Cybersecurity news
Help Net Security - Daily information security news with a focus on enterprise security.
© Copyright 1998-2023 by Help Net Security
Read our privacy policy | About us | Advertise
Follow us