searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Reviews
  • Events
  • Reports
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
  • (IN)SECURE Magazine
Zeljka Zorz
Zeljka Zorz, Editor-in-Chief, Help Net Security
August 26, 2019
Share

GitHub announces wider array of 2FA options, including security keys and biometrics

GitHub has started supporting the Web Authentication (WebAuthn) web standard, allowing users to use security keys for two-factor authentication with a wide variety of browsers and devices.

GitHub 2FA security keys

New possibilities

Developer accounts at online code and software package repositories are a great target for attackers: compromising one or more means that they can surreptitiously add malicious code to already popular and widely deployed libraries and software packages.

GitHub users have had the ability to additionally protect their accounts by switching on 2-factor authentication since 2013, but the choices were limited to receiving the second factor via SMS or getting it from a Time-based One-Time Password app such as Google Authenticator, Duo Mobile or Authenticator.

Later, they got the option to use physical security keys as GitHub began supporting the experimental U2F API for Chrome, but it was limited.

WebAuthn support now in place, they can now use security keys with:

  • Windows, macOS, Linux, and Android: Firefox and Chrome-based browsers
  • Windows: Edge
  • macOS: Safari (currently in Technology Preview but coming soon to everyone)
  • iOS: Brave, using the new YubiKey 5Ci.

Also, for those who don’t want to lug around actual physical keys, WebAuthn allows them to turn their phone or laptop into one via:

  • Windows Hello (through Microsoft Edge on Windows)
  • Touch ID (through Chrome on macOS)
  • A fingerprint reader (through Chrome on Android).

GitHub 2FA security keys

For the time being, security keys can still only be a second authentication factor but, according to GitHub security engineer Lucas Garron, they are looking into the option of making them a primary second factor as more platforms support them.

GitHub users can find instructions on how to set up and configure two-factor authentication on their accounts here.




More about
  • 2FA
  • account protection
  • biometrics
  • GitHub
  • security key
Share this

Featured news

  • iPaaS: The latest enterprise cybersecurity risk?
  • Conti effectively created an extortion-oriented IT company, says Group-IB
  • Inside a large-scale phishing campaign targeting millions of Facebook users
Webinar: What’s trending in email security?

What's new

Week in review: Log4Shell exploitation, DevSecOps myths, 56 vulnerabilities impacting OT devices

New infosec products of the week: June 24, 2022

Attackers still exploit Log4Shell on VMware Horizon servers, CISA warns

How companies are prioritizing infosec and compliance

Don't miss

Attackers still exploit Log4Shell on VMware Horizon servers, CISA warns

iPaaS: The latest enterprise cybersecurity risk?

Conti effectively created an extortion-oriented IT company, says Group-IB

Automotive hose manufacturer hit by ransomware, shuts down production control system

Inside a large-scale phishing campaign targeting millions of Facebook users

Help Net Security - Daily information security news with a focus on enterprise security.
Follow us
  • Features
  • News
  • Expert Analysis
  • Reviews
  • Events
  • Reports
  • Whitepapers
  • Industry news
  • Newsletters
  • Product showcase
  • Twitter

In case you’ve missed it

  • How to keep your NFTs safe from scammers
  • Is your organization ready for Internet Explorer retirement?
  • Attackers aren’t slowing down, here’s what researchers are seeing
  • Why you should worry about medical ID theft

(IN)SECURE Magazine ISSUE 71.5 (June 2022)

Several of the most pressing topics discussed during this year’s Conference included issues surrounding privacy and surveillance, the positive and negative impacts of machine learning and artificial intelligence, the nuances of risk and policy, and more.

Read online
© Copyright 1998-2022 by Help Net Security
Read our privacy policy | About us | Advertise