GitHub Introduces Password Lock for More Secure and Convenient Authentication

GitHub has announced a new feature which allows users to log in to their account without using a password. The feature, called passwordless authentication, is designed to provide a more secure and convenient way to access GitHub.com.

Passwordless authentication via passkey work using WebAuthn, a web standard that allows browsers to communicate with security devices such as biometric scanners, USB locks, or smartphones. Users can register one or more of these devices with their GitHub account and use them to verify their identity when logging in.

GitHub says passwordless has the following benefits:

Eliminates the risk of phishing attacks, in which hackers try to trick users into revealing their passwords by sending fake emails or websites. Reduces the need for password managers, which are vulnerable to breaches or malware. Simplifies the login process, as users do not need to remember or type complex passwords. Supports multiple devices, so users can switch between different browsers or computers without losing access to their account.

GitHub states that passwordless authentication is compatible with most modern browsers and platforms, including Chrome, Edge, Firefox, Safari, Windows, macOS, Linux, Android, and iOS. Users can also choose to enable two-factor authentication (2FA) for an extra layer of security.

To use passwordless authentication, users must go to their account settings and select “Security” from the sidebar. Then they need to click “Set up passwordless sign-in” and follow the prompts to enroll their device. Once registered, they can use their device to log in to GitHub.com from any browser.

Passwordless authentication is currently available to all GitHub.com users and will be rolling out to GitHub Enterprise Cloud customers soon. GitHub plans to add more features and options for passwordless authentication in the future.

Microsoft Also Testing Passkey for Windows Hello

As I reported last month, Microsoft testing new ways to sign in to websites and apps in Windows 11 uses Passkey through Windows Hello, a standard designed to be more secure than traditional passwords.

Pass lock is a new and secure way to log into online accounts. It is a special code that the device generates and stores for the user. Codes are not sent to websites and apps where users are logged in. This prevents hackers from capturing or forging them. Users can enable Passkey on their Windows 11 devices. Then they can access their online account with a simple scan of their face or finger. They can also enter a PIN, but it is less secure than biometrics.

Passkey is currently in testing on Windows Hello via Windows 11 preview build 24386, but Microsoft plans to make it available to everyone later this year. The company owning passkeys is part of its vision to do away with passwords altogether and make online security more user-friendly. Companies have been looking for passwordless solutions for years, such as using phone numbers, email addresses, or security keys as an alternative to passwords. With Windows 11, Microsoft hopes to make passkeys more widely available and compatible with more apps and websites.