GitHub, one of the world’s largest software development platforms, has now enabled support for the WebAuthn authentication standard.
The move means that GitHub users will now be able to authenticate directly through the web browsers supporting it, including Microsoft Edge, Mozilla Firefox, Google Chrome, Apple Safari, and iOS Brave. And the authentication process itself can be done with either a physical security key, such as a YubiKey device that plugs directly into a computer’s USB port, or through biometric authentication. That’s because WebAuthn allows users to use their smartphones or laptops as security keys themselves; in the case of devices supporting Microsoft Edge, authentication can be performed through the Windows Hello biometric authentication platform supporting facial and fingerprint recognition, while Chrome users on macOS and Android devices can authenticate using a fingerprint scan.
GitHub’s embrace of WebAuthn is the latest indication of the growing popularity of the authentication standard as more companies and end users become familiar with the dangers of hack attacks and data breaches.
“Account security is critical for GitHub,” the Microsoft-owned company explained in a blog post announcing the move. “Although we support strong authentication options, many people still don’t use a password manager or two-factor authentication because individual passwords have always been the easiest choice.”
GitHub’s support for WebAuthn comes in the wake of similar moves from other major platforms including Twitter and Coinbase, and follows well after GitHub’s early embrace of the FIDO Alliance’s U2F authentication standard. And while GitHub’s support for security keys is currently on the basis of using them as a supplemental authentication factor, the company says it’s “evaluating security keys as a primary second factor as more platforms support them.”
Sources: GitHub, MSPoweruser, The Inquirer
August 26, 2019 – by Alex Perala