GitHub has announced that users of its website can now opt-in to its passkey public beta. Doing so will replace your password and 2FA login methods with the more seamless passkey method.
According to the company, passkeys on GItHub.com require user verification and count as two factors of authentication in one. For example, methods of verification include your thumbprint, face, or knowledge of a PIN. These double up with something you have such as your physical security key or your device.
To start using passkeys on your GitHub account, you need to go to the ‘Settings’ sidebar and look for the ‘Feature Preview’ tab. There, you should see an option to ‘enable passkeys’.
Once your passkeys have been enabled, you’ll be able to upgrade security keys to passkeys and register the new passkeys. It’s very important that you register passkeys on several devices because only setting them up on one device, and losing it, could lead to an account lockout.
According to GitHub, passkeys allow cross-device authentication, for example, you can log in on your desktop computer and verify your login on your phone. In practice, imagine trying to log in on the desktop and being shown a QR code which you scan with your phone, you then complete the login on your phone and your desktop signs in.
Earlier, it was mentioned that it’s important to set up passkeys with multiple devices to avoid a lockout. Some providers allow you to get around this inconvenience if you sync your passkey with something like your iCloud account on iOS and macOS or Google Password Manager in Chrome and on Android.
Third-party services like 1Password and Dashlane also support the syncing of passkey too so getting locked out of your account shouldn’t actually arise that much if you sync your passkeys.