GitHub integrates WebAuthn protocol for biometric authentication

Software development platform GitHub now supports Web Authentication (WebAuthn) protocol that adds biometrics and physical security key logins for Firefox, Chrome, Edge, macOS (Safari), Linux, iOS and Android to improve security standards and online authentication.

WebAuthn is a security standard for robust, easy-to-use authentication. It is an extra layer of security, as GhitHub already supports SMS-based two-factor-authentication, password authentication and U2F physical security key for Chrome.

GitHub is not the only company to add this new standard for secure authentication when using an online browser to log into services. Japanese software company Nulab added WebAuthn support in July so its user could benefit from enhanced biometric security while moving away from traditional passwords.

Offering uncomplicated authentication for even more browsers and devices, laptops and phones can also be used as security keys, without having to carry a physical security key. This feature works using facial recognition, a fingerprint reader, or PIN for Microsoft Edge on Windows, Touch ID for Chrome on macOS and a fingerprint scanner for Chrome on Android.

“Account security is critical for GitHub,” wrote Lucas Garron, GitHub’s security engineer in a blog post. “Although we support strong authentication options, many people still don’t use a password manager or two-factor authentication because individual passwords have always been the easiest choice.”

“Because platform support is not yet ubiquitous, GitHub currently supports security keys as a supplemental second factor,” Garron said. “But we’re evaluating security keys as a primary second factor as more platforms support them.”

The WebAuthn protocol is officially endorsed by FIDO Alliance and the World Wide Web Consortium (W3C) as an online authentication standard.

Article Topics

access management  |  biometrics  |  FIDO Alliance  |  GitHub  |  online authentication  |  standards