GitHub Now Supports WebAuthn

GitHub now supports Web Authentication (WebAuthn). WebAuthn, a WC3 API for accessing public key credentials, is seen by many as the new standard for secure authentication across the web. GitHub has adopted the standard and sees it as an opportunity to include two-factor authentication on GitHub from more browsers and devices than ever before.

WebAuthn opens an unprecedented number of browsers for use with physical security keys on GitHub. Further, users can now use laptops and phones as the security key (no need for a separate physical key). Devices using the following browsers can register the device today: Microsoft Edge on Windows, Chrome on macOS, Chrome on Android. All three installations require the biometric capability to act as a physical key. GitHub will update this list as more browsers and devices start supporting WebAuthn.

GitHub is positioning this move as the first step in "the future of authentication." GitHub's goal is to help the industry adopt standards that are secure and easy to use. This might include single factor authentication if protected by strong enough biometric control. This concept is already included as a possibility with WebAuthn. GitHub has published open-source libraries for various languages using WebAuthn and a lightweight JavaScript wrapper for those looking to get started.

Be sure to read the next Security article: Imperva Breach is Another Reminder That API Keys Alone Cannot Secure APIs

 

Comments (0)