After its beta trial, GitHub has now announced the general availability of passkeys for all users.
In its blog post, the repository said that the implementation is part of its mission to, “[strengthen] security across the platform—without compromising user experience.” It also notes that it will continue to push forward with making 2FA mandatory for all accounts by the end of the year too.
Passkeys allow users to sign in without needing a password. As well as increasing convenience, they are also believed to be more secure, as there are no credentials that can be phished for by bad actors – which is the most popular cyberthreat faced by business.
A new trend emerging
The news is the latest in a string of announcements from other firms declaring their support for passkeys too. Recently, it was found that WhatsApp looks set to adopt the passwordless technology, and since the release of Apple’s iOS 17 for iPhone, password managers 1Password and NordPass have expanded their support for passkeys as well.
Passkeys do away with passwords, instead relying on a pair of cryptographic keys – one in the cloud and one on device – to grant access to supported services. All that is needed to authenticate is whatever you use to lock your device – fingerprint, face, or PIN. Physical security keys can also be used.
Thanks to cloud syncing, they can also be used across multiple devices. However, the lack of cross-platform support has been a criticism of passkey implementation, although this does seem as if it is being addressed.
For instance, as GitHub says, “if you’re a Chrome and Mac user, you’ll be able to access the iCloud keychain on Macs, in Chrome 118, meaning that a passkey created on your iOS device and synced to your Mac will now be usable within Chrome. This kind of cross-ecosystem support is critical to the free and open use of passkeys.”
Using a compatible third-party password manager will also make passkeys available across different platforms.
Multiple passkeys can be registered on a single GitHub account. Users need to navigate to the security settings and click, “Add a passkey.” For those using security keys, they will see “upgrade” instead, if the keys are compatible.
GitHub noted, however, that during the beta, it learned that, “Linux and Firefox users struggled to use passkeys, as those platforms don’t yet have strong support for passkeys.”
As a workaround to make those platforms compatible, GitHub, “decided to enable cross-device registration of passkeys. That means, you can register a passkey on your phone while you’re using your desktop. The passkey lives in the phone, but users can connect it to their desktop and set-up and authenticate through the desktop’s browser.”