GitHub officially supports two-step authentication with physical security keys through WebAuthn support


Ben Scholzen

As of August 21, 2019, GitHub, an online platform for software development, announced that it supports WebAuthn, a web standard for performing multi-factor authentication in browsers. Until now GitHub had only partially supported two-step authentication with physical security keys; with WebAuthn support, it officially supports login with physical security keys and biometric authentication.

GitHub supports Web Authentication (WebAuthn) for security keys - The GitHub Blog

WebAuthn is a standard that allows the online authentication specifications known as FIDO2 to be used in web applications and web services. It allows multi-factor authentication using biometric information such as fingerprints and irises, one-time passwords via SMS, and physical security keys that use cryptographic keys.

Password-free login method "WebAuthn" becomes a web standard - GIGAZINE

GitHub had partially supported two-step authentication with physical security keys by adopting the U2F (Universal 2nd Factor) API, which was released experimentally for Chrome. GitHub says that support for WebAuthn now makes it possible to formally sign in using physical security keys.

by Tony Webster

The supported browsers for each OS are as follows.

Windows: Mozilla Firefox, Chromium-based browser, Microsoft Edge
macOS: Mozilla Firefox, Chromium-based browser, Safari
Linux: Mozilla Firefox, Chromium-based browser
iOS: Brave, compatible with Yubico's physical security key 'YubiKey 5Ci'
Android: Mozilla Firefox, Chromium-based browser

In addition, with WebAuthn support, even without a physical security key connected through a USB or Lightning port, the notebook PC or smartphone itself can be used as a security key, which makes it possible to use fingerprint readers and face recognition.

GitHub staff member Lucas Garron commented, “Because WebAuthn support is not widespread at this stage, it supports physical security keys as a supplementary second element. However, as more platforms support WebAuthn, the security key will be the main authentication factor.” He also said, “WebAuthn support now supports biometrics-only logins. We're not ready to announce future plans, but we will continue to pursue ways to make secure authentication as easy as possible for all GitHub users,” indicating that GitHub is also looking into a completely passwordless login system in the future.

in Web Service, Security, Posted by log1i_yk