GitHub started testing Passkey in July this year. According to its official blog, GitHub has officially launched the Passkey service. All GitHub users can enable Passkey in their account security settings.
GitHub allows users to register PassKey for different devices. Currently, the Linux platform and browsers such as Firefox do not have perfect support for PassKey. Therefore, GitHub has decided to provide a cross-device Passkey registration feature. For example, users can register Passkey on their mobile phones and then log in to their computers.
GitHub’s current goal is to encourage all accounts to have multiple 2FA credentials. Thus, if a user loses one credential, they can recover their account using other credentials. GitHub can detect if a user’s device is compatible with a passkey. If this happens, it will remind the user to register a passkey.
In addition, the cloud-based Passkey service also supports cross-device credential synchronization. For example, Apple’s iCloud account can synchronize the Passkey of iOS and macOS. Also, Google Code Verifier can synchronize the Passkey of all the user’s Android devices. It can also synchronize third-party password management programs such as 1Password. Passkey for all devices where the program is installed.
What are Passkeys?
Passkeys are a new form of authentication. It allows users to sign in to their GitHub account without using a password. Instead, users can use a cloud-backed passkey service to sync their passkeys across devices. This includes Apple devices, Android devices, or password managers, so they can be used from anywhere. Passkeys offer the strongest mix of security and reliability. They can make developer accounts much more secure without compromising access.
Upon enquiry, ITHome learnt that Passkey is a login verification file consisting of a set of keys. The public key is used to register on a website or app. However, there is also a private key that is stored on the user’s device. Once the user has registered Passkey, they can use various biometric features. This includes fingerprints, iris and PIN codes on the device to log in to different website services. This can be done with a single click. PassKey is based on the FIDO 2 / WebAuthn standard. For this reason, it supports cross-platform use.
How do Passkeys Work?
Passkeys are based on public-key cryptography, which is a method of encrypting and decrypting data. This is done using a pair of keys: a public key and a private key. The public key is used to encrypt the data, while the private key is used to decrypt it. When a user signs in to their GitHub account using a passkey, the passkey is used to encrypt a message. This message will go to GitHub’s servers. The servers then use the user’s public key to decrypt the message and verify the user’s identity.
Passkeys are also privacy-preserving, which means that they do not reveal any data about the user’s identity. In fact, they do not reveal any info on the device the user is using to sign in. This makes passkeys more secure than regular passwords, which can be easily guessed or stolen.
What are the Benefits of Passkeys?
Passkeys offer several benefits over regular passwords, including:
1. Increased Security: Passkeys are more secure than regular passwords. This is because they are based on public-key cryptography, which is much harder to crack than a password.
2. Phishing Resistance: Passkeys are resistant to phishing attacks because they do not reveal any data. All data about the user remains safe. They do not reveal any data about the device used for signing in.
3. Convenience: Passkeys are more convenient than regular passwords. This is because they can be synced across devices, such as Apple devices, Android devices, or password managers. This means that they can be used from anywhere.
4. Privacy-Preserving: Passkeys are privacy-preserving. This means that they do not reveal any data about the user’s identity.
5. Reduced Password Fatigue: Passkeys can help reduce password fatigue. This is because users do not have to remember multiple passwords for different accounts.
Cons of Passkeys:
1. Limited support: One of the biggest downsides to passkeys is that not many apps and websites support them at this point. This means that you may not be able to use passkeys for all of your online accounts, which can be inconvenient.
2. New technology: Passkeys are a relatively new technology, so there may be some bugs or issues that need to be worked out. It may take some time for passkeys to become more widely adopted and for developers to fully integrate them into their apps and websites.
3. Device-dependent: Passkeys are linked to a specific device, so if you lose or replace your device, you will need to set up new passkeys. This can be a hassle if you have a lot of accounts that use passkeys.
4. Learning curve: While passkeys are designed to be easier to use than passwords, there is still a learning curve involved in setting them up and using them. Some users may find this process confusing or frustrating.
5. Privacy concerns: Passkeys are stored on your device, which means that if your device is compromised, your passkeys could be at risk. It’s important to keep your device secure and to use other security measures, such as two-factor authentication, to protect your accounts.
Conclusion
GitHub’s passkey service is a new form of authentication that allows users to sign in to their GitHub account without using a password. Passkeys are based on public-key cryptography, which is a method of encrypting and decrypting information using a pair of keys: a public key and a private key. Passkeys offer several benefits over traditional passwords, including increased security, phishing resistance, convenience, privacy-preserving, and reduced password fatigue. With the launch of passkeys into general availability, GitHub is taking a step towards passwordless authentication, which is more secure and convenient for users.